Hmm.. will have to come up with something else for those hosts then... upgrade to 7+ I guess since EOL is Nov... maybe MS will wait until Nov to push the patch that turns on ldap signing? One can hope I guess.
Todd

-----Original Message-----
From: Sumit Bose <[email protected]>
Sent: Thursday, February 13, 2020 9:17 AM
To: End-user discussions about the System Security Services Daemon <[email protected]>
Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.

On Thu, Feb 13, 2020 at 03:10:31PM +0000, Mote, Todd wrote:
> Tangentially, GSS-SPNEGO isn't available on RHEL 6, correct?

Hi,

not available in RHEL-6, iirc it was added in RHEL-7.2 or RHEL-7.3.

bye,
Sumit

>
> Todd
>
> -----Original Message-----
> From: Sumit Bose <[email protected]>
> Sent: Thursday, February 13, 2020 8:51 AM
> To: End-user discussions about the System Security Services Daemon <[email protected]>
> Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
>
> On Thu, Feb 13, 2020 at 01:42:33PM +0000, Mote, Todd wrote:
> > I'll work on getting that today. This is what I know so far.
> >
> > Test system updated through our Satellite, so nothing special or
> > different. Yum updated everything:
> >
> > RHEL 7.7
> > sssd-1.16.4-21.el7_7.1.x86_64
> > adcli-0.8.1-9.el7.x86_64
> >
> > Domain:
> > Windows Server 2016
> > regkey ldapserverintegrity=2
> > regkey ldapenforcechannelbinding=1
> >
> > We splunk our domain logs and my coworker wrote a dashboard to display
> > the entries when either simple binds or unsigned sasl occur. Over the
> > last 24 hours my test host triggered the unsigned sasl entry 13 times.
> > Each entry corresponds precisely to the adcli check password attempt in
> > the logs. It doesn't log an unsigned sasl event every hour, and a couple
> > of times not at all for several hours. I'm not sure what's behind that.
> > Times here are UTC -6. I’m in the 7:00 hour here. The most recent entry
> > is below. I’ll work to get a trace running by the next hour, in case it
> > logs it again.
>
> Hi,
>
> can you try to run the following ldapsearch commands and check which one
> causes a message in the event log?
>
> ldapsearch -H cldap://ad-server.ADTEST.domain.com -b '' -s base '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon
>
> ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon
>
> ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s base
>
> kinit '[email protected]'
> ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b '' -s base
>
> kinit '[email protected]'
> ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSS-SPNEGO -b '' -s base
>
> bye,
> Sumit
>
> > This behavior also happens with RHEL 8, sssd 2.2 and adcli 0.8.2. I see
> > the same entries logged in both the sssd log on the device and the domain.
> >
> > Timestamp            User Name          Binding Type
> > 02-13-2020 07:12:33  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-13-2020 05:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-13-2020 03:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-13-2020 02:12:35  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-13-2020 01:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 23:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 22:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 19:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 17:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 14:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 13:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 09:12:35  ADTEST\ANTI-TEST$  Unsigned SASL
> > 02-12-2020 08:12:34  ADTEST\ANTI-TEST$  Unsigned SASL
> >
> > (Thu Feb 13 07:12:33 2020) [sssd[be[adtest.domain.com]]] [ad_machine_account_password_renewal_done] (0x1000): --- adcli output start---
> > * Found realm in keytab: ADTEST.domain.com
> > * Found computer name in keytab: ANTI-TEST
> > * Found service principal in keytab: host/ANTI-TEST
> > * Found service principal in keytab: host/anti-test.adtest.domain.com
> > * Found host qualified name in keytab: anti-test.adtest.domain.com
> > * Found service principal in keytab: RestrictedKrbHost/ANTI-TEST
> > * Found service principal in keytab: RestrictedKrbHost/anti-test.adtest.domain.com
> > * Using fully qualified name: anti-test.adtest.domain.com
> > * Using domain name: adtest.domain.com
> > * Calculated computer account name from fqdn: ANTI-TEST
> > * Using domain realm: adtest.domain.com
> > * Sending netlogon pings to domain controller: cldap://xxx.xxx.xxx.xxx
> > * Received NetLogon info from: dc01a.adtest.domain.com
> > * Wrote out krb5.conf snippet to /tmp/adcli-krb5-RCmgmC/krb5.d/adcli-krb5-conf-vPdhBf
> > * Authenticated as default/reset computer account: ANTI-TEST
> > * Looked up short domain name: ADTEST
> > * Looked up domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx
> > * Using fully qualified name: anti-test.adtest.domain.com
> > * Using domain name: adtest.domain.com
> > * Using computer account name: ANTI-TEST
> > * Using domain realm: adtest.domain.com
> > * Using fully qualified name: anti-test.adtest.domain.com
> > * Enrolling computer name: ANTI-TEST
> > * Generated 120 character computer password
> > * Using keytab: FILE:/etc/krb5.keytab
> > * Found computer account for ANTI-TEST$ at: CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departments,DC=adtest,DC=domain,DC=com
> > * Retrieved kvno '6' for computer account in directory: CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Departments,DC=adtest,DC=domain,DC=com
> > * Password not too old, no change needed
> > * Sending netlogon pings to domain controller: cldap://xxx.xxx.xxx.xxx
> > * Received NetLogon info from: dc01a.adtest.domain.com
> > * Checking RestrictedKrbHost/anti-test.adtest.domain.com
> > * Added RestrictedKrbHost/anti-test.adtest.domain.com
> > * Checking host/anti-test.adtest.domain.com
> > * Added host/anti-test.adtest.domain.com
> > * Checking RestrictedKrbHost/ANTI-TEST
> > * Added RestrictedKrbHost/ANTI-TEST
> > * Checking host/ANTI-TEST
> > * Added host/ANTI-TEST
> > ---adcli output end---
> >
> > Todd
> >
> > -----Original Message-----
> > From: Sumit Bose <[email protected]>
> > Sent: Thursday, February 13, 2020 1:36 AM
> > To: [email protected]
> > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
> >
> > On Wed, Feb 12, 2020 at 01:11:14PM +0000, Mote, Todd wrote:
> > > Sumit
> > >
> > > Any idea on when your SASL/GSS-SPNEGO patch for adcli might make it
> > > downstream? It seems that adcli is checking once an hour on the age of
> > > the password and is the only thing left on my test hosts that is
> > > triggering the Unsigned SASL event on our domain controllers. I have
> > > tinkered with the GSSAPI and other settings in ldap.conf, so none of the
> > > connections are simple, just unsigned, which isn't terrible, but it'd be
> > > nice to eliminate them altogether, ya know?
> >
> > Hi,
> >
> > they are planned for the next RHEL releases and I'm about to prepare
> > Fedora packages.
> >
> > I did some tests with older RHEL7 versions and didn't come across issues
> > even with only SASL/GSSAPI when I enforce channel binding and LDAP signing
> > on AD. Would it be possible to send a network trace which covers the
> > connection attempt of adcli which causes the issue?
> >
> > bye,
> > Sumit
> >
> > > Todd
> > >
> > > -----Original Message-----
> > > From: Sumit Bose <[email protected]>
> > > Sent: Thursday, February 6, 2020 10:18 AM
> > > To: [email protected]
> > > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
> > >
> > > On Thu, Feb 06, 2020 at 03:05:13PM +0000, Ondrej Valousek wrote:
> > > > did you try refreshing the machine password in AD? Looks like it's
> > > > too old.
> > > > O.
> > > > ________________________________
> > > > From: David David <[email protected]>
> > > > Sent: Thursday, February 6, 2020 12:09 PM
> > > > To: [email protected] <[email protected]>
> > > > Subject: [SSSD-users] sssd 1.16.4. ADV190023.
> > > >
> > > > Hello,
> > > > I guess that you probably heard about ADV190023. Our AD admin told me
> > > > that linux servers which are under my responsibility send an unsigned
> > > > request to AD, what could be a problem related to this incoming AD
> > > > patch:
> > > > https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows.
> > > >
> > > > I am using sssd in "sssd-ad mode." The communication between the linux
> > > > servers and our AD is crypted by kerberos, so this should be ok.
> > > >
> > > > I found only one kind of request which could result in potential
> > > > failure. After mentioned patching implementation. See please below:
> > > >
> > > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_execute] (0x0400): Task [AD machine account password renewal]: executing task, timeout 60 seconds
> > > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_done] (0x0400): Task [AD machine account password renewal]: finished successfully
> > > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_schedule] (0x0400): Task [AD machine account password renewal]: scheduling task 86400 seconds from last
> > >
> > > Hi,
> > >
> > > Ondrej is right, those messages are related to adcli trying to update
> > > the machine account password if it is too old. To check when the
> > > password was last updated adcli uses LDAP with SASL/GSSAPI. I've added
> > > a patch so that SASL/GSS-SPNEGO is used when it is available on the AD
> > > DC side
> > > https://gitlab.freedesktop.org/realmd/adcli/commit/a6f795ba3d6048b32d7863468688bf7f42b2cafd
> > > With SASL/GSS-SPNEGO all requirements are negotiated automatically and
> > > signing should be switched on if required.
> > >
> > > With SASL/GSSAPI you might be able to tune this manually, see e.g. the
> > > SASL and GSSAPI options in man ldap.conf for details.
> > >
> > > There is also a patch for adcli which tells adcli to use ldaps
> > > https://gitlab.freedesktop.org/realmd/adcli/commit/85097245b57f190337225dbdbf6e33b58616c092
> > > but this is currently not used by SSSD. And in general I think using
> > > GSS-SPNEGO is sufficient since there is no requirement to switch to
> > > ldaps (if I read the advisory correctly) and AD does not enable ldaps
> > > by default as well.
> > >
> > > bye,
> > > Sumit
> > >
> > > > Every time this task is executed, our AD writes into its log that an
> > > > unsigned request came from my linux server. I tried to set
> > > > ldap_tls_cert and ldap_tls_key into sssd.conf which point to the cert
> > > > and key generated by our AD, but without success.
> > > >
> > > > I tried to find a proper solution how to sign the request that AD stop
> > > > complaining, but nothing useful found.
> > > >
> > > > My question is. Should I be afraid that after the patching, our AD
> > > > will stop to communicate with my linux servers?
> > > >
> > > > Really thanks in advance for your answer. I really appreciate your
> > > > effort.
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
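The correlation described in the quoted thread (each "Unsigned SASL" entry on the domain controller lining up with an adcli password-age check in the sssd log, with some hourly checks producing no entry), as an added example that is not part of the original messages or of SSSD/adcli. It assumes the Directory Service event 2889 message carries the fields "Client IP address", "Identity the client attempted to authenticate as" and "Binding Type" (0 = unsigned SASL, 1 = simple), and that both logs use the same time zone; all function names and sample records are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Binding Type values as the thread's dashboard labels them.
BINDING_TYPES = {0: "Unsigned SASL", 1: "Simple"}

# Field block of a Directory Service event 2889 message (assumed layout).
# Greedy \S+ leaves the final ":port" to the port group, so IPv6 clients parse too.
EVENT_2889 = re.compile(
    r"Client IP address:\s*(?P<ip>\S+):(?P<port>\d+)\s*"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>\S*)\s*"
    r"Binding Type:\s*(?P<btype>\d)\s*$",
    re.S,
)

# sssd backend log line written when an adcli renewal check has finished.
SSSD_RENEWAL = re.compile(
    r"^\((?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \d{4})\) "
    r"\[sssd\[be\[[^\]]+\]\]\] \[ad_machine_account_password_renewal_done\]",
    re.M,
)


def parse_2889(timestamp, message):
    """Return one parsed bind event, or None if the field block is missing."""
    m = EVENT_2889.search(message)
    if m is None:
        return None
    btype = int(m.group("btype"))
    return {
        "time": datetime.strptime(timestamp, "%m-%d-%Y %H:%M:%S"),
        "client": m.group("ip"),
        "identity": m.group("identity"),
        "binding": BINDING_TYPES.get(btype, f"Unknown ({btype})"),
    }


def renewal_times(sssd_log):
    """Timestamps at which sssd reported a finished adcli renewal check."""
    return [datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            for m in SSSD_RENEWAL.finditer(sssd_log)]


def attribute(events, renewals, machine_account, tolerance=timedelta(seconds=5)):
    """Label each bind event and list renewal checks that produced no event."""
    report, matched = [], set()
    for ev in events:
        if ev["identity"].lower() != machine_account.lower():
            cause = "other client"
        else:
            hit = next((r for r in renewals if abs(ev["time"] - r) <= tolerance), None)
            if hit is not None:
                matched.add(hit)
                cause = "adcli password-age check"
            else:
                cause = "unexplained bind by this host"
        report.append({**ev, "cause": cause})
    silent = [r for r in renewals if r not in matched]
    return report, silent


def sample_message(client, identity, btype):
    """Constructed stand-in for the field block of an event 2889 message."""
    return ("(descriptive text omitted)\n\nClient IP address:\n%s\n"
            "Identity the client attempted to authenticate as:\n%s\n"
            "Binding Type:\n%d\n" % (client, identity, btype))


# Constructed sample data, modelled on the values quoted in the thread.
SAMPLE_EVENTS = [
    ("02-13-2020 07:12:33", sample_message("192.0.2.10:48812", "ADTEST\\ANTI-TEST$", 0)),
    ("02-13-2020 06:40:02", sample_message("192.0.2.77:50111", "ADTEST\\svc-legacy", 1)),
    ("02-13-2020 05:12:34", sample_message("192.0.2.10:48790", "ADTEST\\ANTI-TEST$", 0)),
]
RENEWAL_LINE = ("(Thu Feb 13 %s 2020) [sssd[be[adtest.domain.com]]] "
                "[ad_machine_account_password_renewal_done] (0x1000): --- adcli output start---")
SAMPLE_SSSD_LOG = "\n".join(RENEWAL_LINE % t for t in ("05:12:33", "06:12:33", "07:12:33"))


def run_sample():
    """Parse the constructed records and attribute them to this host's checks."""
    events = [e for e in (parse_2889(ts, msg) for ts, msg in SAMPLE_EVENTS) if e]
    return attribute(events, renewal_times(SAMPLE_SSSD_LOG), "ADTEST\\ANTI-TEST$")


if __name__ == "__main__":
    report, silent = run_sample()
    for row in report:
        print(row["time"], row["client"], row["identity"], row["binding"], row["cause"], sep=" | ")
    for t in silent:
        print(t, "renewal check with no unsigned-bind event logged")
```

Renewal checks returned in the second list are the hours where the domain controller logged nothing, which are the ones worth capturing in a network trace for comparison.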
