ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b '' -s base
causes this event 02/13/2020 08:59:28 AM LogName=Directory Service SourceName=Microsoft-Windows-ActiveDirectory_DomainService EventCode=2889 EventType=4 Type=Information ComputerName=dc.adtest.domain.com User=ANONYMOUS LOGON Sid=S-1-5-7 SidType=5 TaskCategory=LDAP Interface OpCode=The operation completed successfully. RecordNumber=247387 Keywords=Classic Message=The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection. Client IP address: xxx.xxx.xxx.xxx:47824 Identity the client attempted to authenticate as: ADTEST\ANTI-TEST$ Binding Type: 0 -----Original Message----- From: Sumit Bose <[email protected]> Sent: Thursday, February 13, 2020 8:51 AM To: End-user discussions about the System Security Services Daemon <[email protected]> Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023. On Thu, Feb 13, 2020 at 01:42:33PM +0000, Mote, Todd wrote: > I'll work on getting that today. This is what I know so far. > > > > Test system updated through our Satellite, so nothing special or different. > Yum updated everything: > > RHEL 7.7 > > sssd-1.16.4-21.el7_7.1.x86_64 > > adcli-0.8.1-9.el7.x86_64 > > > > Domain: > > Windows Server 2016 > > regkey ldapserverintegrity=2 > > regkey ldapenforcechannelbinding=1 > > > > we splunk our domain logs and my coworker wrote a dashboard to display the > entries when either simple binds or unsigned sasl occur. Over the last 24 > hours my test host triggered the unsigned sasl entry 13 times. Each entry > corresponds precisely to the adcli check password attempt in the logs. It > doesn't log an unsigned sasl event every hour, and a couple of times not at > all for several hours. I'm not sure what's behind that. Times here are UTC > -6. I’m in the 7:00 hour here. The most recent entry is below. I’ll work > to get a trace running by the next hour, in case it logs it again. Hi, can you try to run the following ldapsearch commands and check which one causes a message in the event log? ldapsearch -H cldap://ad-server.ADTEST.domain.com -b '' -s base '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base kinit '[email protected]' ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b '' -s base kinit '[email protected]' ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSS-SPNEGO -b '' -s base bye, Sumit > > > > This behavior also happens with RHEL 8, sssd 2.2 and adcli 0.8.2. I see the > same entries logged in both the sssd log on the device and the domain. > > > Timestamp<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-moni > toring/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20s > ource%3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20% > 7C%20rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs > *Client%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPo > rt%3E%5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authentic > ate%20as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3 > F%3CBindingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_tim > e%2C%20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dns > lookup%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20 > FQDN%20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.22 > 6%20%7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigne > d%20SASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Times > tamp%20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address% > 22%2CUserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding > %20Type%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CF > QDN%2C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mod > e=smart&dispatch.sample_ratio=1&display.page.search.tab=statistics&dis > play.general.type=statistics&display.statistics.sortColumn=Timestamp&d > isplay.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01 > FA-4F7E-929B-F56DE7E31D3B> User > Name<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitorin > g/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source > %3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20 > rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Clie > nt%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E > %5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%2 > 0as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CB > indingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C% > 20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslooku > p%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN% > 20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20% > 7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20S > ASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp% > 20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2C > UserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Ty > pe%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2 > C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=sma > rt&dispatch.sample_ratio=1&display.page.search.tab=statistics&display. > general.type=statistics&display.statistics.sortColumn=Timestamp&displa > y.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F > 7E-929B-F56DE7E31D3B> Binding > Type<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitorin > g/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source > %3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20 > rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Clie > nt%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E > %5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%2 > 0as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CB > indingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C% > 20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslooku > p%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN% > 20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20% > 7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20S > ASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp% > 20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2C > UserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Ty > pe%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2 > C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=sma > rt&dispatch.sample_ratio=1&display.page.search.tab=statistics&display. > general.type=statistics&display.statistics.sortColumn=Timestamp&displa > y.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F > 7E-929B-F56DE7E31D3B> > 02-13-2020 07:12:33 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-13-2020 05:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-13-2020 03:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-13-2020 02:12:35 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-13-2020 01:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 23:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 22:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 19:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 17:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 14:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 13:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 09:12:35 > ADTEST\ANTI-TEST$ > Unsigned SASL > 02-12-2020 08:12:34 > ADTEST\ANTI-TEST$ > Unsigned SASL > > > > > > (Thu Feb 13 07:12:33 2020) [sssd[be[adtest.domain.com]]] > [ad_machine_account_password_renewal_done] (0x1000): --- adcli output > start--- > > * Found realm in keytab: ADTEST.domain.com > > * Found computer name in keytab: ANTI-TEST > > * Found service principal in keytab: host/ANTI-TEST > > * Found service principal in keytab: host/anti-test.adtest.domain.com > > * Found host qualified name in keytab: anti-test.adtest.domain.com > > * Found service principal in keytab: RestrictedKrbHost/ANTI-TEST > > * Found service principal in keytab: > RestrictedKrbHost/anti-test.adtest.domain.com > > * Using fully qualified name: anti-test.adtest.domain.com > > * Using domain name: adtest.domain.com > > * Calculated computer account name from fqdn: ANTI-TEST > > * Using domain realm: adtest.domain.com > > * Sending netlogon pings to domain controller: cldap:// > xxx.xxx.xxx.xxx > > * Received NetLogon info from: dc01a.adtest.domain.com > > * Wrote out krb5.conf snippet to > /tmp/adcli-krb5-RCmgmC/krb5.d/adcli-krb5-conf-vPdhBf > > * Authenticated as default/reset computer account: ANTI-TEST > > * Looked up short domain name: ADTEST > > * Looked up domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx > > * Using fully qualified name: anti-test.adtest.domain.com > > * Using domain name: adtest.domain.com > > * Using computer account name: ANTI-TEST > > * Using domain realm: adtest.domain.com > > * Using fully qualified name: anti-test.adtest.domain.com > > * Enrolling computer name: ANTI-TEST > > * Generated 120 character computer password > > * Using keytab: FILE:/etc/krb5.keytab > > * Found computer account for ANTI-TEST$ at: > CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departm > ents,DC=adtest,DC=domain,DC=com > > * Retrieved kvno '6' for computer account in directory: > CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departm > ents,DC=adtest,DC=domain,DC=com > > * Password not too old, no change needed > > * Sending netlogon pings to domain controller: cldap://xxx.xxx.xxx.xxx > > * Received NetLogon info from: dc01a.adtest.domain.com > > * Checking RestrictedKrbHost/anti-test.adtest.domain.com > > * Added RestrictedKrbHost/anti-test.adtest.domain.com > > * Checking host/anti-test.adtest.domain.com > > * Added host/anti-test.adtest.domain.com > > * Checking RestrictedKrbHost/ANTI-TEST > > * Added RestrictedKrbHost/ANTI-TEST > > * Checking host/ANTI-TEST > > * Added host/ANTI-TEST > > ---adcli output end--- > > > > Todd > > > > -----Original Message----- > From: Sumit Bose <[email protected]> > Sent: Thursday, February 13, 2020 1:36 AM > To: [email protected] > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023. > > > > On Wed, Feb 12, 2020 at 01:11:14PM +0000, Mote, Todd wrote: > > > Sumit > > > > > > Any idea on when your SASL/GSS-SPNEGO patch for adcli might make it > > downstream? It seems that adcli is checking once an hour on the age of the > > password and is the only thing left on my test hosts that is triggering the > > Unsigned SASL event on our domain controllers. I have tinkered with the > > GSSAPI and other settings in ldap.conf, so none of the connections are > > simple, just unsigned, which isn't terrible, but it'd be nice to eliminate > > them altogether, ya know? > > > > Hi, > > > > they are planned for the next RHEL releases and I'm about to prepare Fedora > packages. > > > > I did some tests with older RHEL7 versions and didn't come across issues even > with only SASL/GSSAPI when I enforce channel binding and LDAP signing on AD. > Would it be possible to send a network trace which covers the connection > attempt of adcli which causes the issue? > > > > bye, > > Sumit > > > > > > > > Todd > > > > > > -----Original Message----- > > > From: Sumit Bose <[email protected]<mailto:[email protected]>> > > > Sent: Thursday, February 6, 2020 10:18 AM > > > To: > > [email protected]<mailto:[email protected] > > ed.org> > > > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023. > > > > > > On Thu, Feb 06, 2020 at 03:05:13PM +0000, Ondrej Valousek wrote: > > > > did you try refreshing the machine password in AD?Looks like it's too old. > > > > O. > > > > ________________________________ > > > > From: David David <[email protected]<mailto:[email protected]>> > > > > Sent: Thursday, February 6, 2020 12:09 PM > > > > To: > > > [email protected]<mailto:[email protected] > > > sted.org> > > > > <[email protected]<mailto:[email protected] > > > osted.org>> > > > > Subject: [SSSD-users] sssd 1.16.4. ADV190023. > > > > > > > > Hello, > > > > i guess that you probably heard about ADV190023. Our AD admin told me > > > that linux servers which are under my responsibility send an unsigned > > > request to AD, what could be a problem related to this incomming Ad > > > patch: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4520412%2F2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246950934&sdata=jfHdRpn6S5Eq04rAnU%2FwvhbMLCw3RSDZo9nNAEaC7Tg%3D&reserved=0. > > > > > > > > I am using sssd in "sssd-ad mode." The communication between a linux > > > servers and our AD is crypted by kerberos, so this should be ok. > > > > > > > > I found only one kind of request which could result in potential failure. > > > After mentioned patching implementation. See please below: > > > > > > > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_execute] (0x0400): > > > > Task [AD machine account password renewal]: executing task, > > > timeout > > > > 60 seconds (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] > > > [be_ptask_done] > > > > (0x0400): Task [AD machine account password renewal]: finished > > > > successfully (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] > > > > [be_ptask_schedule] (0x0400): Task [AD machine account password > > > > renewal]: scheduling task 86400 seconds from last > > > > > > Hi, > > > > > > Ondrej is right, those messages are related to adcli trying to > > update > > > the machine account password if it is too old. To check when the > > > password was last updated adcli uses LDAP with SASL/GSSAPI. I've > > added > > > a patch so that SASL/GSS-SPNEGO is used when it is available in the > > AD > > > DC side > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi > > tl > > > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2Fa6f795ba3d6048b32d786 > > 34 > > > 68688bf7f42b2cafd&data=02%7C01%7Cmoter%40austin.utexas.edu%7C877 > > 19 > > > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7 > > C1 > > > %7C637171761658405405&sdata=rPcG9mknHufVZUy6ege6n2vx%2B1Hy5XQhDn > > 7H > > > 8ugqlzA%3D&reserved=0 With SASL/GSS-SPNEGO all requirements are > > > negotiated automatically and signing should be switched on if required. > > > > > > With SASL/GSSAPI you might be able to tune this manually, see e.g. the SASL > > and GSSAPI options in man ldap.conf for details. > > > > > > There is also a patch for adcli which tells adcli to use ldaps > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi > > tl > > > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2F85097245b57f190337225 > > db > > > dbf6e33b58616c092&data=02%7C01%7Cmoter%40austin.utexas.edu%7C877 > > 19 > > > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7 > > C1 > > > %7C637171761658405405&sdata=9dY6eOGTKimEYqydWbRFROldOTNRM16t1cae > > Uh > > > bBTiY%3D&reserved=0 but this is currently not used by SSSD. And > > in > > > general I think using GSS-SPNEGO is sufficient since there is no > > requirement to switch to ldaps (if I read the advisory correctly) and AD > > does not enable ldaps by default as well. > > > > > > bye, > > > Sumit > > > > > > > > > > > Everytime, this task is executed, our AD write into its log that an > > > unsighned request came from my linux server. I tried to set ldap_tls_cert > > > and ldap_tls_key into sssd.conf which point to the cert and key generated > > > by our AD, but without success. > > > > > > > > I tried to find a proper solution how to sign the request that AD stop > > > complaining, but nothing usefull found. > > > > > > > > My question is. Should I be affraid that after the patching, our AD will > > > stop to communicate with my linux servers? > > > > > > > > Really thanks in advance for your answer. I really appreciate your effort. > > > > _______________________________________________ > > > > sssd-users mailing list -- > > > [email protected]<mailto:[email protected] > > > sted.org> To > > > > unsubscribe send an email to > > > [email protected]<mailto:sssd-users-leave@li > > > sts.fedorahosted.org> > > > > Fedora Code of Conduct: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > do > > > > cs > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data > > > =0 > > > > 2% > > > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc > > > 2% > > > > 7C > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667& > > > sd > > > > at > > > > a=v3APmwlHF3i9zi1WE950DEAqCMJCirnyPC4YyF2xJPQ%3D&reserved=0 > > > > List Guidelines: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > fe > > > > do > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C > > > mo > > > > te > > > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e2a > > > 5b > > > > dd > > > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667&sdata=QUgcp > > > i8 > > > > 2T > > > > TRy7qanAkjRey8ZpC2GDy7%2BJ7yXeOrtb8I%3D&reserved=0 > > > > List Archives: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > li > > > > st > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedoraho > > > st > > > > ed > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42 > > > c2 > > > > ae > > > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166 > > > 02 > > > > 75 > > > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2Bx4 > > > %3 > > > > D& > > > > amp;reserved=0 > > > > > > > _______________________________________________ > > > > sssd-users mailing list -- > > > [email protected]<mailto:[email protected] > > > sted.org> To > > > > unsubscribe send an email to > > > [email protected]<mailto:sssd-users-leave@li > > > sts.fedorahosted.org> > > > > Fedora Code of Conduct: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > do > > > > cs > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data > > > =0 > > > > 2% > > > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc > > > 2% > > > > 7C > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661& > > > sd > > > > at > > > > a=b%2Fu1IXQ%2F42XEq3c6DYwzTyYno4azJb3qvUtPiZmOdrc%3D&reserved= > > > 0 > > > > List Guidelines: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > fe > > > > do > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C > > > mo > > > > te > > > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e2a > > > 5b > > > > dd > > > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661&sdata=CIJal > > > 5z > > > > 4E > > > > nNOIQFsuveKmlEK1wMzIx79ZaXavinrtsk%3D&reserved=0 > > > > List Archives: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > li > > > > st > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedoraho > > > st > > > > ed > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42 > > > c2 > > > > ae > > > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166 > > > 02 > > > > 75 > > > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2Bx4 > > > %3 > > > > D& > > > > amp;reserved=0 > > > _______________________________________________ > > > sssd-users mailing list -- > > [email protected]<mailto:[email protected] > > ed.org> To > > > unsubscribe send an email to > > [email protected]<mailto:sssd-users-leave@list > > s.fedorahosted.org> > > > Fedora Code of Conduct: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo > > cs > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0 > > 2% > > > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033% > > 7C > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sd > > at > > > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0 > > > List Guidelines: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe > > do > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo > > te > > > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5b > > dd > > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3 > > GV > > > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0 > > > List Archives: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > st > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost > > ed > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467f > > f9 > > > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C63717176 > > 16 > > > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3D& > > am > > > p;reserved=0 > > > >> This message is from an external sender. Learn more about why > > >> this << > > > >> matters at https://links.utexas.edu/rtyclf. << > > > _______________________________________________ > > > sssd-users mailing list -- > > [email protected]<mailto:[email protected] > > ed.org> To > > > unsubscribe send an email to > > [email protected]<mailto:sssd-users-leave@list > > s.fedorahosted.org> > > > Fedora Code of Conduct: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo > > cs > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0 > > 2% > > > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033% > > 7C > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sd > > at > > > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0 > > > List Guidelines: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe > > do > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo > > te > > > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5b > > dd > > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3 > > GV > > > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0 > > > List Archives: > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > st > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost > > ed > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467f > > f9 > > > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C63717176 > > 16 > > > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3D& > > am > > > p;reserved=0 > > _______________________________________________ > > sssd-users mailing list -- > [email protected]<mailto:[email protected] > .org> To unsubscribe send an email to > [email protected]<mailto:sssd-users-leave@lists. > fedorahosted.org> > > Fedora Code of Conduct: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02% > 7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246950934&sdat > a=vSoy%2BB6PumDUGbPgpbIip%2F4NVQSev5zeLn5q6czf7Iw%3D&reserved=0 > > List Guidelines: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote > r%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZEX > 1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0 > > List Archives: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e > 5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371720232 > 46960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2BJ > 1g%3D&reserved=0 > > >> This message is from an external sender. Learn more about why this > >> << > > >> matters at https://links.utexas.edu/rtyclf. << > _______________________________________________ > sssd-users mailing list -- [email protected] To > unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02% > 7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246960925&sdat > a=9uSFPFkpIr5qK0W13Hes8pno8hu3WC0E1jqGkcCLTrQ%3D&reserved=0 > List Guidelines: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote > r%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZEX > 1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0 > List Archives: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e > 5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371720232 > 46960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2BJ > 1g%3D&reserved=0 _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246960925&sdata=9uSFPFkpIr5qK0W13Hes8pno8hu3WC0E1jqGkcCLTrQ%3D&reserved=0 List Guidelines: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZEX1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0 List Archives: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2BJ1g%3D&reserved=0 >> This message is from an external sender. Learn more about why this << >> matters at https://links.utexas.edu/rtyclf. << _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
