On Thu, Feb 13, 2020 at 03:02:59PM +0000, Mote, Todd wrote: > ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b '' -s base
Hi, all the other ldapsearch commands caused no message? What is the number shown after 'SASL SSF:' in the output of the ldapsearch from above? Can you send a network trace covering the ldapsearch from above? bye, Sumit > > causes this event > > 02/13/2020 08:59:28 AM > LogName=Directory Service > SourceName=Microsoft-Windows-ActiveDirectory_DomainService > EventCode=2889 > EventType=4 > Type=Information > ComputerName=dc.adtest.domain.com > User=ANONYMOUS LOGON > Sid=S-1-5-7 > SidType=5 > TaskCategory=LDAP Interface > OpCode=The operation completed successfully. > RecordNumber=247387 > Keywords=Classic > Message=The following client performed a SASL > (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing > (integrity verification), or performed a simple bind over a clear text > (non-SSL/TLS-encrypted) LDAP connection. > > Client IP address: > xxx.xxx.xxx.xxx:47824 > Identity the client attempted to authenticate as: > ADTEST\ANTI-TEST$ > Binding Type: > 0 > > -----Original Message----- > From: Sumit Bose <[email protected]> > Sent: Thursday, February 13, 2020 8:51 AM > To: End-user discussions about the System Security Services Daemon > <[email protected]> > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023. > > On Thu, Feb 13, 2020 at 01:42:33PM +0000, Mote, Todd wrote: > > I'll work on getting that today. This is what I know so far. > > > > > > > > Test system updated through our Satellite, so nothing special or different. > > Yum updated everything: > > > > RHEL 7.7 > > > > sssd-1.16.4-21.el7_7.1.x86_64 > > > > adcli-0.8.1-9.el7.x86_64 > > > > > > > > Domain: > > > > Windows Server 2016 > > > > regkey ldapserverintegrity=2 > > > > regkey ldapenforcechannelbinding=1 > > > > > > > > we splunk our domain logs and my coworker wrote a dashboard to display the > > entries when either simple binds or unsigned sasl occur. Over the last 24 > > hours my test host triggered the unsigned sasl entry 13 times. Each entry > > corresponds precisely to the adcli check password attempt in the logs. It > > doesn't log an unsigned sasl event every hour, and a couple of times not at > > all for several hours. I'm not sure what's behind that. Times here are > > UTC -6. I’m in the 7:00 hour here. The most recent entry is below. I’ll > > work to get a trace running by the next hour, in case it logs it again. > > Hi, > > can you try to run the following ldapsearch commands and check which one > causes a message in the event log? > > ldapsearch -H cldap://ad-server.ADTEST.domain.com -b '' -s base > '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon > > ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base > '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon > > ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base > > kinit '[email protected]' > ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b '' -s base > > kinit '[email protected]' > ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSS-SPNEGO -b '' -s > base > > bye, > Sumit > > > > > > > > > This behavior also happens with RHEL 8, sssd 2.2 and adcli 0.8.2. I see > > the same entries logged in both the sssd log on the device and the domain. > > > > > > Timestamp<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-moni > > toring/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20s > > ource%3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20% > > 7C%20rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs > > *Client%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPo > > rt%3E%5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authentic > > ate%20as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3 > > F%3CBindingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_tim > > e%2C%20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dns > > lookup%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20 > > FQDN%20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.22 > > 6%20%7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigne > > d%20SASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Times > > tamp%20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address% > > 22%2CUserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding > > %20Type%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CF > > QDN%2C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mod > > e=smart&dispatch.sample_ratio=1&display.page.search.tab=statistics&dis > > play.general.type=statistics&display.statistics.sortColumn=Timestamp&d > > isplay.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01 > > FA-4F7E-929B-F56DE7E31D3B> User > > Name<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitorin > > g/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source > > %3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20 > > rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Clie > > nt%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E > > %5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%2 > > 0as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CB > > indingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C% > > 20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslooku > > p%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN% > > 20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20% > > 7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20S > > ASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp% > > 20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2C > > UserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Ty > > pe%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2 > > C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=sma > > rt&dispatch.sample_ratio=1&display.page.search.tab=statistics&display. > > general.type=statistics&display.statistics.sortColumn=Timestamp&displa > > y.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F > > 7E-929B-F56DE7E31D3B> Binding > > Type<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitorin > > g/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20source > > %3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%20 > > rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Clie > > nt%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%3E > > %5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate%2 > > 0as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3CB > > indingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2C% > > 20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnslooku > > p%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQDN% > > 20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%20% > > 7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%20S > > ASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestamp% > > 20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%2C > > UserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20Ty > > pe%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN%2 > > C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=sma > > rt&dispatch.sample_ratio=1&display.page.search.tab=statistics&display. > > general.type=statistics&display.statistics.sortColumn=Timestamp&displa > > y.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-4F > > 7E-929B-F56DE7E31D3B> > > 02-13-2020 07:12:33 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-13-2020 05:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-13-2020 03:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-13-2020 02:12:35 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-13-2020 01:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 23:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 22:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 19:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 17:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 14:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 13:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 09:12:35 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > 02-12-2020 08:12:34 > > ADTEST\ANTI-TEST$ > > Unsigned SASL > > > > > > > > > > > > (Thu Feb 13 07:12:33 2020) [sssd[be[adtest.domain.com]]] > > [ad_machine_account_password_renewal_done] (0x1000): --- adcli output > > start--- > > > > * Found realm in keytab: ADTEST.domain.com > > > > * Found computer name in keytab: ANTI-TEST > > > > * Found service principal in keytab: host/ANTI-TEST > > > > * Found service principal in keytab: host/anti-test.adtest.domain.com > > > > * Found host qualified name in keytab: anti-test.adtest.domain.com > > > > * Found service principal in keytab: RestrictedKrbHost/ANTI-TEST > > > > * Found service principal in keytab: > > RestrictedKrbHost/anti-test.adtest.domain.com > > > > * Using fully qualified name: anti-test.adtest.domain.com > > > > * Using domain name: adtest.domain.com > > > > * Calculated computer account name from fqdn: ANTI-TEST > > > > * Using domain realm: adtest.domain.com > > > > * Sending netlogon pings to domain controller: cldap:// > > xxx.xxx.xxx.xxx > > > > * Received NetLogon info from: dc01a.adtest.domain.com > > > > * Wrote out krb5.conf snippet to > > /tmp/adcli-krb5-RCmgmC/krb5.d/adcli-krb5-conf-vPdhBf > > > > * Authenticated as default/reset computer account: ANTI-TEST > > > > * Looked up short domain name: ADTEST > > > > * Looked up domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx > > > > * Using fully qualified name: anti-test.adtest.domain.com > > > > * Using domain name: adtest.domain.com > > > > * Using computer account name: ANTI-TEST > > > > * Using domain realm: adtest.domain.com > > > > * Using fully qualified name: anti-test.adtest.domain.com > > > > * Enrolling computer name: ANTI-TEST > > > > * Generated 120 character computer password > > > > * Using keytab: FILE:/etc/krb5.keytab > > > > * Found computer account for ANTI-TEST$ at: > > CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departm > > ents,DC=adtest,DC=domain,DC=com > > > > * Retrieved kvno '6' for computer account in directory: > > CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departm > > ents,DC=adtest,DC=domain,DC=com > > > > * Password not too old, no change needed > > > > * Sending netlogon pings to domain controller: cldap://xxx.xxx.xxx.xxx > > > > * Received NetLogon info from: dc01a.adtest.domain.com > > > > * Checking RestrictedKrbHost/anti-test.adtest.domain.com > > > > * Added RestrictedKrbHost/anti-test.adtest.domain.com > > > > * Checking host/anti-test.adtest.domain.com > > > > * Added host/anti-test.adtest.domain.com > > > > * Checking RestrictedKrbHost/ANTI-TEST > > > > * Added RestrictedKrbHost/ANTI-TEST > > > > * Checking host/ANTI-TEST > > > > * Added host/ANTI-TEST > > > > ---adcli output end--- > > > > > > > > Todd > > > > > > > > -----Original Message----- > > From: Sumit Bose <[email protected]> > > Sent: Thursday, February 13, 2020 1:36 AM > > To: [email protected] > > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023. > > > > > > > > On Wed, Feb 12, 2020 at 01:11:14PM +0000, Mote, Todd wrote: > > > > > Sumit > > > > > > > > > > Any idea on when your SASL/GSS-SPNEGO patch for adcli might make it > > > downstream? It seems that adcli is checking once an hour on the age of > > > the password and is the only thing left on my test hosts that is > > > triggering the Unsigned SASL event on our domain controllers. I have > > > tinkered with the GSSAPI and other settings in ldap.conf, so none of the > > > connections are simple, just unsigned, which isn't terrible, but it'd be > > > nice to eliminate them altogether, ya know? > > > > > > > > Hi, > > > > > > > > they are planned for the next RHEL releases and I'm about to prepare Fedora > > packages. > > > > > > > > I did some tests with older RHEL7 versions and didn't come across issues > > even with only SASL/GSSAPI when I enforce channel binding and LDAP signing > > on AD. Would it be possible to send a network trace which covers the > > connection attempt of adcli which causes the issue? > > > > > > > > bye, > > > > Sumit > > > > > > > > > > > > > > Todd > > > > > > > > > > -----Original Message----- > > > > > From: Sumit Bose <[email protected]<mailto:[email protected]>> > > > > > Sent: Thursday, February 6, 2020 10:18 AM > > > > > To: > > > [email protected]<mailto:[email protected] > > > ed.org> > > > > > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023. > > > > > > > > > > On Thu, Feb 06, 2020 at 03:05:13PM +0000, Ondrej Valousek wrote: > > > > > > did you try refreshing the machine password in AD?Looks like it's too > > > > old. > > > > > > O. > > > > > > ________________________________ > > > > > > From: David David <[email protected]<mailto:[email protected]>> > > > > > > Sent: Thursday, February 6, 2020 12:09 PM > > > > > > To: > > > > [email protected]<mailto:[email protected] > > > > sted.org> > > > > > > <[email protected]<mailto:[email protected] > > > > osted.org>> > > > > > > Subject: [SSSD-users] sssd 1.16.4. ADV190023. > > > > > > > > > > > > Hello, > > > > > > i guess that you probably heard about ADV190023. Our AD admin told me > > > > that linux servers which are under my responsibility send an unsigned > > > > request to AD, what could be a problem related to this incomming Ad > > > > patch: > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4520412%2F2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246950934&sdata=jfHdRpn6S5Eq04rAnU%2FwvhbMLCw3RSDZo9nNAEaC7Tg%3D&reserved=0. > > > > > > > > > > > > I am using sssd in "sssd-ad mode." The communication between a linux > > > > servers and our AD is crypted by kerberos, so this should be ok. > > > > > > > > > > > > I found only one kind of request which could result in potential > > > > failure. After mentioned patching implementation. See please below: > > > > > > > > > > > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_execute] (0x0400): > > > > > > Task [AD machine account password renewal]: executing task, > > > > timeout > > > > > > 60 seconds (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] > > > > [be_ptask_done] > > > > > > (0x0400): Task [AD machine account password renewal]: finished > > > > > > successfully (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] > > > > > > [be_ptask_schedule] (0x0400): Task [AD machine account password > > > > > > renewal]: scheduling task 86400 seconds from last > > > > > > > > > > Hi, > > > > > > > > > > Ondrej is right, those messages are related to adcli trying to > > > update > > > > > the machine account password if it is too old. To check when the > > > > > password was last updated adcli uses LDAP with SASL/GSSAPI. I've > > > added > > > > > a patch so that SASL/GSS-SPNEGO is used when it is available in the > > > AD > > > > > DC side > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi > > > tl > > > > > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2Fa6f795ba3d6048b32d786 > > > 34 > > > > > 68688bf7f42b2cafd&data=02%7C01%7Cmoter%40austin.utexas.edu%7C877 > > > 19 > > > > > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7 > > > C1 > > > > > %7C637171761658405405&sdata=rPcG9mknHufVZUy6ege6n2vx%2B1Hy5XQhDn > > > 7H > > > > > 8ugqlzA%3D&reserved=0 With SASL/GSS-SPNEGO all requirements are > > > > > negotiated automatically and signing should be switched on if required. > > > > > > > > > > With SASL/GSSAPI you might be able to tune this manually, see e.g. the > > > SASL and GSSAPI options in man ldap.conf for details. > > > > > > > > > > There is also a patch for adcli which tells adcli to use ldaps > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgi > > > tl > > > > > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2F85097245b57f190337225 > > > db > > > > > dbf6e33b58616c092&data=02%7C01%7Cmoter%40austin.utexas.edu%7C877 > > > 19 > > > > > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7 > > > C1 > > > > > %7C637171761658405405&sdata=9dY6eOGTKimEYqydWbRFROldOTNRM16t1cae > > > Uh > > > > > bBTiY%3D&reserved=0 but this is currently not used by SSSD. And > > > in > > > > > general I think using GSS-SPNEGO is sufficient since there is no > > > requirement to switch to ldaps (if I read the advisory correctly) and AD > > > does not enable ldaps by default as well. > > > > > > > > > > bye, > > > > > Sumit > > > > > > > > > > > > > > > > > Everytime, this task is executed, our AD write into its log that an > > > > unsighned request came from my linux server. I tried to set > > > > ldap_tls_cert and ldap_tls_key into sssd.conf which point to the cert > > > > and key generated by our AD, but without success. > > > > > > > > > > > > I tried to find a proper solution how to sign the request that AD stop > > > > complaining, but nothing usefull found. > > > > > > > > > > > > My question is. Should I be affraid that after the patching, our AD > > > > will stop to communicate with my linux servers? > > > > > > > > > > > > Really thanks in advance for your answer. I really appreciate your > > > > effort. > > > > > > _______________________________________________ > > > > > > sssd-users mailing list -- > > > > [email protected]<mailto:[email protected] > > > > sted.org> To > > > > > > unsubscribe send an email to > > > > [email protected]<mailto:sssd-users-leave@li > > > > sts.fedorahosted.org> > > > > > > Fedora Code of Conduct: > > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > > do > > > > > > cs > > > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data > > > > =0 > > > > > > 2% > > > > > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc > > > > 2% > > > > > > 7C > > > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667& > > > > sd > > > > > > at > > > > > > a=v3APmwlHF3i9zi1WE950DEAqCMJCirnyPC4YyF2xJPQ%3D&reserved=0 > > > > > > List Guidelines: > > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > > fe > > > > > > do > > > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C > > > > mo > > > > > > te > > > > > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e2a > > > > 5b > > > > > > dd > > > > > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667&sdata=QUgcp > > > > i8 > > > > > > 2T > > > > > > TRy7qanAkjRey8ZpC2GDy7%2BJ7yXeOrtb8I%3D&reserved=0 > > > > > > List Archives: > > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > > li > > > > > > st > > > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedoraho > > > > st > > > > > > ed > > > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42 > > > > c2 > > > > > > ae > > > > > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166 > > > > 02 > > > > > > 75 > > > > > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2Bx4 > > > > %3 > > > > > > D& > > > > > > amp;reserved=0 > > > > > > > > > > > _______________________________________________ > > > > > > sssd-users mailing list -- > > > > [email protected]<mailto:[email protected] > > > > sted.org> To > > > > > > unsubscribe send an email to > > > > [email protected]<mailto:sssd-users-leave@li > > > > sts.fedorahosted.org> > > > > > > Fedora Code of Conduct: > > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > > do > > > > > > cs > > > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data > > > > =0 > > > > > > 2% > > > > > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc > > > > 2% > > > > > > 7C > > > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661& > > > > sd > > > > > > at > > > > > > a=b%2Fu1IXQ%2F42XEq3c6DYwzTyYno4azJb3qvUtPiZmOdrc%3D&reserved= > > > > 0 > > > > > > List Guidelines: > > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > > fe > > > > > > do > > > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C > > > > mo > > > > > > te > > > > > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e2a > > > > 5b > > > > > > dd > > > > > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661&sdata=CIJal > > > > 5z > > > > > > 4E > > > > > > nNOIQFsuveKmlEK1wMzIx79ZaXavinrtsk%3D&reserved=0 > > > > > > List Archives: > > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > > > li > > > > > > st > > > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedoraho > > > > st > > > > > > ed > > > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42 > > > > c2 > > > > > > ae > > > > > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166 > > > > 02 > > > > > > 75 > > > > > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2Bx4 > > > > %3 > > > > > > D& > > > > > > amp;reserved=0 > > > > > _______________________________________________ > > > > > sssd-users mailing list -- > > > [email protected]<mailto:[email protected] > > > ed.org> To > > > > > unsubscribe send an email to > > > [email protected]<mailto:sssd-users-leave@list > > > s.fedorahosted.org> > > > > > Fedora Code of Conduct: > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo > > > cs > > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0 > > > 2% > > > > > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033% > > > 7C > > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sd > > > at > > > > > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0 > > > > > List Guidelines: > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe > > > do > > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo > > > te > > > > > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5b > > > dd > > > > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3 > > > GV > > > > > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0 > > > > > List Archives: > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > > st > > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost > > > ed > > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467f > > > f9 > > > > > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C63717176 > > > 16 > > > > > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3D& > > > am > > > > > p;reserved=0 > > > > > >> This message is from an external sender. Learn more about why > > > >> this << > > > > > >> matters at https://links.utexas.edu/rtyclf. << > > > > > _______________________________________________ > > > > > sssd-users mailing list -- > > > [email protected]<mailto:[email protected] > > > ed.org> To > > > > > unsubscribe send an email to > > > [email protected]<mailto:sssd-users-leave@list > > > s.fedorahosted.org> > > > > > Fedora Code of Conduct: > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo > > > cs > > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0 > > > 2% > > > > > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033% > > > 7C > > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sd > > > at > > > > > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0 > > > > > List Guidelines: > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe > > > do > > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo > > > te > > > > > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a5b > > > dd > > > > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkGT3 > > > GV > > > > > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0 > > > > > List Archives: > > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli > > > st > > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost > > > ed > > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467f > > > f9 > > > > > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C63717176 > > > 16 > > > > > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3D& > > > am > > > > > p;reserved=0 > > > > _______________________________________________ > > > > sssd-users mailing list -- > > [email protected]<mailto:[email protected] > > .org> To unsubscribe send an email to > > [email protected]<mailto:sssd-users-leave@lists. > > fedorahosted.org> > > > > Fedora Code of Conduct: > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02% > > 7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246950934&sdat > > a=vSoy%2BB6PumDUGbPgpbIip%2F4NVQSev5zeLn5q6czf7Iw%3D&reserved=0 > > > > List Guidelines: > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote > > r%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZEX > > 1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0 > > > > List Archives: > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e > > 5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371720232 > > 46960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2BJ > > 1g%3D&reserved=0 > > > > >> This message is from an external sender. Learn more about why this > > >> << > > > > >> matters at https://links.utexas.edu/rtyclf. << > > > _______________________________________________ > > sssd-users mailing list -- [email protected] To > > unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02% > > 7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246960925&sdat > > a=9uSFPFkpIr5qK0W13Hes8pno8hu3WC0E1jqGkcCLTrQ%3D&reserved=0 > > List Guidelines: > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote > > r%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZEX > > 1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0 > > List Archives: > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e > > 5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371720232 > > 46960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2BJ > > 1g%3D&reserved=0 > _______________________________________________ > sssd-users mailing list -- [email protected] To unsubscribe > send an email to [email protected] > Fedora Code of Conduct: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246960925&sdata=9uSFPFkpIr5qK0W13Hes8pno8hu3WC0E1jqGkcCLTrQ%3D&reserved=0 > List Guidelines: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZEX1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0 > List Archives: > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2BJ1g%3D&reserved=0 > >> This message is from an external sender. Learn more about why this << > >> matters at https://links.utexas.edu/rtyclf. << > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
