On Thu, Feb 13, 2020 at 03:26:38PM +0000, Mote, Todd wrote:
> Hmm.. will have to come up with something else for those hosts then...
> upgrade to 7+ I guess since EOL is Nov... maybe MS will wait until Nov to
> push the patch that turns on ldap signing? One can hope I guess.
Hi,
the alternatve would be to use 'id_provider = ldap' and 'ldap_uri =
ldaps://your_ad_dc.your.domain ...' to use LDAPS to connect to the AD
DC.
Additionally you have to set some other options to get a similar
behavior than 'id_provider = ad'. They are documented in the sssd-ad man
page of recent SSSD version in the 'MODIFIED DEFAULT OPTIONS' section.
For easier reference I list it here:
"""
MODIFIED DEFAULT OPTIONS
Certain option defaults do not match their respective backend
provider defaults, these option names and AD provider-specific defaults
are listed below:
KRB5 Provider
o krb5_validate = true
o krb5_use_enterprise_principal = true
LDAP Provider
o ldap_schema = ad
o ldap_force_upper_case_realm = true
o ldap_id_mapping = true
o ldap_sasl_mech = gssapi
o ldap_referrals = false
o ldap_account_expire_policy = ad
o ldap_use_tokengroups = true
"""
Finally some user and group attribute mappings must be changed. I think
this is not listed in a man page but you can find the needed option by
comparing the ldap default
https://pagure.io/SSSD/sssd/blob/master/f/src/providers/ldap/ldap_opts.c#_207
with the ad version
https://pagure.io/SSSD/sssd/blob/master/f/src/providers/ad/ad_opts.c#_193
bye,
Sumit
>
> Todd
>
> -----Original Message-----
> From: Sumit Bose <[email protected]>
> Sent: Thursday, February 13, 2020 9:17 AM
> To: End-user discussions about the System Security Services Daemon
> <[email protected]>
> Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
>
> On Thu, Feb 13, 2020 at 03:10:31PM +0000, Mote, Todd wrote:
> > Tangentially, GSS-SPNEGO isn't available on RHEL 6, correct?
>
> Hi,
>
> not not available in RHEL-6, iirc it was added in RHEL-7.2 or RHEL-7.3.
>
> bye,
> Sumit
>
> >
> > Todd
> >
> > -----Original Message-----
> > From: Sumit Bose <[email protected]>
> > Sent: Thursday, February 13, 2020 8:51 AM
> > To: End-user discussions about the System Security Services Daemon
> > <[email protected]>
> > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
> >
> > On Thu, Feb 13, 2020 at 01:42:33PM +0000, Mote, Todd wrote:
> > > I'll work on getting that today. This is what I know so far.
> > >
> > >
> > >
> > > Test system updated through our Satellite, so nothing special or
> > > different. Yum updated everything:
> > >
> > > RHEL 7.7
> > >
> > > sssd-1.16.4-21.el7_7.1.x86_64
> > >
> > > adcli-0.8.1-9.el7.x86_64
> > >
> > >
> > >
> > > Domain:
> > >
> > > Windows Server 2016
> > >
> > > regkey ldapserverintegrity=2
> > >
> > > regkey ldapenforcechannelbinding=1
> > >
> > >
> > >
> > > we splunk our domain logs and my coworker wrote a dashboard to display
> > > the entries when either simple binds or unsigned sasl occur. Over the
> > > last 24 hours my test host triggered the unsigned sasl entry 13 times.
> > > Each entry corresponds precisely to the adcli check password attempt in
> > > the logs. It doesn't log an unsigned sasl event every hour, and a couple
> > > of times not at all for several hours. I'm not sure what's behind that.
> > > Times here are UTC -6. I’m in the 7:00 hour here. The most recent entry
> > > is below. I’ll work to get a trace running by the next hour, in case it
> > > logs it again.
> >
> > Hi,
> >
> > can you try to run the following ldapsearch commands and check which one
> > causes a message in the event log?
> >
> > ldapsearch -H cldap://ad-server.ADTEST.domain.com -b '' -s base
> > '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon
> >
> > ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s
> > base '(&(DnsDomain=ADTEST.domain.com)(NtVer=\14\00\00\00))' netlogon
> >
> > ldapsearch -H ldap://ad-server.ADTEST.domain.com -x -b '' -s
> > base
> >
> > kinit '[email protected]'
> > ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSSAPI -b ''
> > -s base
> >
> > kinit '[email protected]'
> > ldapsearch -H ldap://ad-server.ADTEST.domain.com -Y GSS-SPNEGO -b
> > '' -s base
> >
> > bye,
> > Sumit
> >
> > >
> > >
> > >
> > > This behavior also happens with RHEL 8, sssd 2.2 and adcli 0.8.2. I see
> > > the same entries logged in both the sssd log on the device and the domain.
> > >
> > >
> > > Timestamp<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-mo
> > > ni
> > > toring/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%2
> > > 0s
> > > ource%3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%2
> > > 0%
> > > 7C%20rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5
> > > Cs
> > > *Client%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3C
> > > Po
> > > rt%3E%5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authent
> > > ic
> > > ate%20as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(
> > > %3
> > > F%3CBindingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_t
> > > im
> > > e%2C%20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20d
> > > ns
> > > lookup%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%
> > > 20
> > > FQDN%20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.
> > > 22
> > > 6%20%7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsig
> > > ne
> > > d%20SASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Tim
> > > es
> > > tamp%20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Addres
> > > s%
> > > 22%2CUserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Bindi
> > > ng
> > > %20Type%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2
> > > CF
> > > QDN%2C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.m
> > > od
> > > e=smart&dispatch.sample_ratio=1&display.page.search.tab=statistics&d
> > > is
> > > play.general.type=statistics&display.statistics.sortColumn=Timestamp
> > > &d
> > > isplay.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-
> > > 01
> > > FA-4F7E-929B-F56DE7E31D3B> User
> > > Name<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitor
> > > in
> > > g/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20sour
> > > ce
> > > %3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%
> > > 20
> > > rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Cl
> > > ie
> > > nt%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%
> > > 3E
> > > %5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate
> > > %2
> > > 0as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3
> > > CB
> > > indingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2
> > > C%
> > > 20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnsloo
> > > ku
> > > p%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQD
> > > N%
> > > 20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%2
> > > 0%
> > > 7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%2
> > > 0S
> > > ASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestam
> > > p%
> > > 20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%
> > > 2C
> > > UserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20
> > > Ty
> > > pe%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN
> > > %2
> > > C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=s
> > > ma
> > > rt&dispatch.sample_ratio=1&display.page.search.tab=statistics&display.
> > > general.type=statistics&display.statistics.sortColumn=Timestamp&disp
> > > la
> > > y.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-
> > > 4F
> > > 7E-929B-F56DE7E31D3B> Binding
> > > Type<https://splunk.security.utexas.edu/en-US/app/ut_itsy-ad-monitor
> > > in
> > > g/search?earliest=-24h%40h&latest=now&q=search%20%60ADlogs%60%20sour
> > > ce
> > > %3D%22WinEventLog%3ADirectory%20Service%22%20EventCode%3D2889%20%7C%
> > > 20
> > > rex%20field%3DMessage%20%22(%3Fs)%5E(%3F%3CeMessage%3E.*%5C.)%5Cs*Cl
> > > ie
> > > nt%20IP%20address%3A%5Cs*(%3F%3CClientIPAddress%3E.*)%3A(%3F%3CPort%
> > > 3E
> > > %5Cd%2B)%5Cs*Identity%20the%20client%20attempted%20to%20authenticate
> > > %2
> > > 0as%3A%5Cs*(%3F%3CUserName%3E%5CS*)%5Cs*Binding%20Type%3A%5Cs*(%3F%3
> > > CB
> > > indingType%3E%5Cd)%24%22%20%7C%20eval%20Timestamp%3Dstrftime(_time%2
> > > C%
> > > 20%22%25m-%25d-%25Y%20%25H%3A%25M%3A%25S%22)%20%7C%20lookup%20dnsloo
> > > ku
> > > p%20clientip%20as%20ClientIPAddress%20OUTPUT%20clienthost%20as%20FQD
> > > N%
> > > 20%7C%20search%20BindingType%3D*%20ClientIPAddress%3D146.6.182.226%2
> > > 0%
> > > 7C%20%20eval%20BindingType%3Dcase(BindingType%3D%3D0%2C%22Unsigned%2
> > > 0S
> > > ASL%22%2CBindingType%3D%3D1%2C%22Simple%22)%20%7C%20sort%20-Timestam
> > > p%
> > > 20%7C%20rename%20ClientIPAddress%20as%20%22Client%20IP%20Address%22%
> > > 2C
> > > UserName%20as%20%22User%20Name%22%2CBindingType%20as%20%22Binding%20
> > > Ty
> > > pe%22%20%7C%20table%20Timestamp%2C%22Client%20IP%20Address%22%2CFQDN
> > > %2
> > > C%22User%20Name%22%2C%22Binding%20Type%22&display.page.search.mode=s
> > > ma
> > > rt&dispatch.sample_ratio=1&display.page.search.tab=statistics&display.
> > > general.type=statistics&display.statistics.sortColumn=Timestamp&disp
> > > la
> > > y.statistics.sortDirection=desc&sid=1581600147.468973_8220FB8F-01FA-
> > > 4F
> > > 7E-929B-F56DE7E31D3B>
> > > 02-13-2020 07:12:33
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-13-2020 05:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-13-2020 03:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-13-2020 02:12:35
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-13-2020 01:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 23:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 22:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 19:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 17:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 14:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 13:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 09:12:35
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > > 02-12-2020 08:12:34
> > > ADTEST\ANTI-TEST$
> > > Unsigned SASL
> > >
> > >
> > >
> > >
> > >
> > > (Thu Feb 13 07:12:33 2020) [sssd[be[adtest.domain.com]]]
> > > [ad_machine_account_password_renewal_done] (0x1000): --- adcli
> > > output
> > > start---
> > >
> > > * Found realm in keytab: ADTEST.domain.com
> > >
> > > * Found computer name in keytab: ANTI-TEST
> > >
> > > * Found service principal in keytab: host/ANTI-TEST
> > >
> > > * Found service principal in keytab:
> > > host/anti-test.adtest.domain.com
> > >
> > > * Found host qualified name in keytab: anti-test.adtest.domain.com
> > >
> > > * Found service principal in keytab: RestrictedKrbHost/ANTI-TEST
> > >
> > > * Found service principal in keytab:
> > > RestrictedKrbHost/anti-test.adtest.domain.com
> > >
> > > * Using fully qualified name: anti-test.adtest.domain.com
> > >
> > > * Using domain name: adtest.domain.com
> > >
> > > * Calculated computer account name from fqdn: ANTI-TEST
> > >
> > > * Using domain realm: adtest.domain.com
> > >
> > > * Sending netlogon pings to domain controller: cldap://
> > > xxx.xxx.xxx.xxx
> > >
> > > * Received NetLogon info from: dc01a.adtest.domain.com
> > >
> > > * Wrote out krb5.conf snippet to
> > > /tmp/adcli-krb5-RCmgmC/krb5.d/adcli-krb5-conf-vPdhBf
> > >
> > > * Authenticated as default/reset computer account: ANTI-TEST
> > >
> > > * Looked up short domain name: ADTEST
> > >
> > > * Looked up domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx
> > >
> > > * Using fully qualified name: anti-test.adtest.domain.com
> > >
> > > * Using domain name: adtest.domain.com
> > >
> > > * Using computer account name: ANTI-TEST
> > >
> > > * Using domain realm: adtest.domain.com
> > >
> > > * Using fully qualified name: anti-test.adtest.domain.com
> > >
> > > * Enrolling computer name: ANTI-TEST
> > >
> > > * Generated 120 character computer password
> > >
> > > * Using keytab: FILE:/etc/krb5.keytab
> > >
> > > * Found computer account for ANTI-TEST$ at:
> > > CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Depar
> > > tm
> > > ents,DC=adtest,DC=domain,DC=com
> > >
> > > * Retrieved kvno '6' for computer account in directory:
> > > CN=ANTI-TEST,OU=Dev,OU=Linux,OU=moter,OU=ITSY-Staff,OU=ITSY,OU=Depar
> > > tm
> > > ents,DC=adtest,DC=domain,DC=com
> > >
> > > * Password not too old, no change needed
> > >
> > > * Sending netlogon pings to domain controller:
> > > cldap://xxx.xxx.xxx.xxx
> > >
> > > * Received NetLogon info from: dc01a.adtest.domain.com
> > >
> > > * Checking RestrictedKrbHost/anti-test.adtest.domain.com
> > >
> > > * Added RestrictedKrbHost/anti-test.adtest.domain.com
> > >
> > > * Checking host/anti-test.adtest.domain.com
> > >
> > > * Added host/anti-test.adtest.domain.com
> > >
> > > * Checking RestrictedKrbHost/ANTI-TEST
> > >
> > > * Added RestrictedKrbHost/ANTI-TEST
> > >
> > > * Checking host/ANTI-TEST
> > >
> > > * Added host/ANTI-TEST
> > >
> > > ---adcli output end---
> > >
> > >
> > >
> > > Todd
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Sumit Bose <[email protected]>
> > > Sent: Thursday, February 13, 2020 1:36 AM
> > > To: [email protected]
> > > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
> > >
> > >
> > >
> > > On Wed, Feb 12, 2020 at 01:11:14PM +0000, Mote, Todd wrote:
> > >
> > > > Sumit
> > >
> > > >
> > >
> > > > Any idea on when your SASL/GSS-SPNEGO patch for adcli might make it
> > > > downstream? It seems that adcli is checking once an hour on the age of
> > > > the password and is the only thing left on my test hosts that is
> > > > triggering the Unsigned SASL event on our domain controllers. I have
> > > > tinkered with the GSSAPI and other settings in ldap.conf, so none of
> > > > the connections are simple, just unsigned, which isn't terrible, but
> > > > it'd be nice to eliminate them altogether, ya know?
> > >
> > >
> > >
> > > Hi,
> > >
> > >
> > >
> > > they are planned for the next RHEL releases and I'm about to prepare
> > > Fedora packages.
> > >
> > >
> > >
> > > I did some tests with older RHEL7 versions and didn't come across issues
> > > even with only SASL/GSSAPI when I enforce channel binding and LDAP
> > > signing on AD. Would it be possible to send a network trace which covers
> > > the connection attempt of adcli which causes the issue?
> > >
> > >
> > >
> > > bye,
> > >
> > > Sumit
> > >
> > >
> > >
> > > >
> > >
> > > > Todd
> > >
> > > >
> > >
> > > > -----Original Message-----
> > >
> > > > From: Sumit Bose <[email protected]<mailto:[email protected]>>
> > >
> > > > Sent: Thursday, February 6, 2020 10:18 AM
> > >
> > > > To:
> > > > [email protected]<mailto:[email protected]
> > > > st
> > > > ed.org>
> > >
> > > > Subject: [SSSD-users] Re: sssd 1.16.4. ADV190023.
> > >
> > > >
> > >
> > > > On Thu, Feb 06, 2020 at 03:05:13PM +0000, Ondrej Valousek wrote:
> > >
> > > > > did you try refreshing the machine password in AD?Looks like it's too
> > > > > old.
> > >
> > > > > O.
> > >
> > > > > ________________________________
> > >
> > > > > From: David David <[email protected]<mailto:[email protected]>>
> > >
> > > > > Sent: Thursday, February 6, 2020 12:09 PM
> > >
> > > > > To:
> > > > > [email protected]<mailto:[email protected]
> > > > > ho
> > > > > sted.org>
> > >
> > > > > <[email protected]<mailto:[email protected]
> > > > > ah
> > > > > osted.org>>
> > >
> > > > > Subject: [SSSD-users] sssd 1.16.4. ADV190023.
> > >
> > > > >
> > >
> > > > > Hello,
> > >
> > > > > i guess that you probably heard about ADV190023. Our AD admin told me
> > > > > that linux servers which are under my responsibility send an unsigned
> > > > > request to AD, what could be a problem related to this incomming Ad
> > > > > patch:
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4520412%2F2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows&data=02%7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172038795847937&sdata=%2FUAQUqYQscz1l4sM83oUFORLq%2FCsp58RK9Vc8sdBNtc%3D&reserved=0.
> > >
> > > > >
> > >
> > > > > I am using sssd in "sssd-ad mode." The communication between a linux
> > > > > servers and our AD is crypted by kerberos, so this should be ok.
> > >
> > > > >
> > >
> > > > > I found only one kind of request which could result in potential
> > > > > failure. After mentioned patching implementation. See please below:
> > >
> > > > >
> > >
> > > > > (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]] [be_ptask_execute] (0x0400):
> > >
> > > > > Task [AD machine account password renewal]: executing task,
> > > > > timeout
> > >
> > > > > 60 seconds (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]]
> > > > > [be_ptask_done]
> > >
> > > > > (0x0400): Task [AD machine account password renewal]: finished
> > >
> > > > > successfully (Wed Feb 5 16:57:21 2020) [sssd[be[AD]]]
> > >
> > > > > [be_ptask_schedule] (0x0400): Task [AD machine account password
> > >
> > > > > renewal]: scheduling task 86400 seconds from last
> > >
> > > >
> > >
> > > > Hi,
> > >
> > > >
> > >
> > > > Ondrej is right, those messages are related to adcli trying to
> > > > update
> > >
> > > > the machine account password if it is too old. To check when the
> > >
> > > > password was last updated adcli uses LDAP with SASL/GSSAPI. I've
> > > > added
> > >
> > > > a patch so that SASL/GSS-SPNEGO is used when it is available in
> > > > the AD
> > >
> > > > DC side
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > gi
> > > > tl
> > >
> > > > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2Fa6f795ba3d6048b32d7
> > > > 86
> > > > 34
> > >
> > > > 68688bf7f42b2cafd&data=02%7C01%7Cmoter%40austin.utexas.edu%7C8
> > > > 77
> > > > 19
> > >
> > > > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1
> > > > %7
> > > > C1
> > >
> > > > %7C637171761658405405&sdata=rPcG9mknHufVZUy6ege6n2vx%2B1Hy5XQh
> > > > Dn
> > > > 7H
> > >
> > > > 8ugqlzA%3D&reserved=0 With SASL/GSS-SPNEGO all requirements
> > > > are
> > >
> > > > negotiated automatically and signing should be switched on if required.
> > >
> > > >
> > >
> > > > With SASL/GSSAPI you might be able to tune this manually, see e.g. the
> > > > SASL and GSSAPI options in man ldap.conf for details.
> > >
> > > >
> > >
> > > > There is also a patch for adcli which tells adcli to use ldaps
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > gi
> > > > tl
> > >
> > > > ab.freedesktop.org%2Frealmd%2Fadcli%2Fcommit%2F85097245b57f1903372
> > > > 25
> > > > db
> > >
> > > > dbf6e33b58616c092&data=02%7C01%7Cmoter%40austin.utexas.edu%7C8
> > > > 77
> > > > 19
> > >
> > > > 229ad54467ff98808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1
> > > > %7
> > > > C1
> > >
> > > > %7C637171761658405405&sdata=9dY6eOGTKimEYqydWbRFROldOTNRM16t1c
> > > > ae
> > > > Uh
> > >
> > > > bBTiY%3D&reserved=0 but this is currently not used by SSSD.
> > > > And in
> > >
> > > > general I think using GSS-SPNEGO is sufficient since there is no
> > > > requirement to switch to ldaps (if I read the advisory correctly) and
> > > > AD does not enable ldaps by default as well.
> > >
> > > >
> > >
> > > > bye,
> > >
> > > > Sumit
> > >
> > > >
> > >
> > > > >
> > >
> > > > > Everytime, this task is executed, our AD write into its log that an
> > > > > unsighned request came from my linux server. I tried to set
> > > > > ldap_tls_cert and ldap_tls_key into sssd.conf which point to the cert
> > > > > and key generated by our AD, but without success.
> > >
> > > > >
> > >
> > > > > I tried to find a proper solution how to sign the request that AD
> > > > > stop complaining, but nothing usefull found.
> > >
> > > > >
> > >
> > > > > My question is. Should I be affraid that after the patching, our AD
> > > > > will stop to communicate with my linux servers?
> > >
> > > > >
> > >
> > > > > Really thanks in advance for your answer. I really appreciate your
> > > > > effort.
> > >
> > > > > _______________________________________________
> > >
> > > > > sssd-users mailing list --
> > > > > [email protected]<mailto:[email protected]
> > > > > ho
> > > > > sted.org> To
> > >
> > > > > unsubscribe send an email to
> > > > > [email protected]<mailto:sssd-users-leave@
> > > > > li
> > > > > sts.fedorahosted.org>
> > >
> > > > > Fedora Code of Conduct:
> > >
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%
> > > > > 2F
> > > > > do
> > >
> > > > > cs
> > >
> > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&da
> > > > > ta
> > > > > =0
> > >
> > > > > 2%
> > >
> > > > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204
> > > > > bc
> > > > > 2%
> > >
> > > > > 7C
> > >
> > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667&am
> > > > > p;
> > > > > sd
> > >
> > > > > at
> > >
> > > > > a=v3APmwlHF3i9zi1WE950DEAqCMJCirnyPC4YyF2xJPQ%3D&reserved=0
> > >
> > > > > List Guidelines:
> > >
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%
> > > > > 2F
> > > > > fe
> > >
> > > > > do
> > >
> > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%
> > > > > 7C
> > > > > mo
> > >
> > > > > te
> > >
> > > > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e
> > > > > 2a
> > > > > 5b
> > >
> > > > > dd
> > >
> > > > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507304667&sdata=QUg
> > > > > cp
> > > > > i8
> > >
> > > > > 2T
> > >
> > > > > TRy7qanAkjRey8ZpC2GDy7%2BJ7yXeOrtb8I%3D&reserved=0
> > >
> > > > > List Archives:
> > >
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%
> > > > > 2F
> > > > > li
> > >
> > > > > st
> > >
> > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedora
> > > > > ho
> > > > > st
> > >
> > > > > ed
> > >
> > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d
> > > > > 42
> > > > > c2
> > >
> > > > > ae
> > >
> > > > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C6371
> > > > > 66
> > > > > 02
> > >
> > > > > 75
> > >
> > > > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2B
> > > > > x4
> > > > > %3
> > >
> > > > > D&
> > >
> > > > > amp;reserved=0
> > >
> > > >
> > >
> > > > > _______________________________________________
> > >
> > > > > sssd-users mailing list --
> > > > > [email protected]<mailto:[email protected]
> > > > > ho
> > > > > sted.org> To
> > >
> > > > > unsubscribe send an email to
> > > > > [email protected]<mailto:sssd-users-leave@
> > > > > li
> > > > > sts.fedorahosted.org>
> > >
> > > > > Fedora Code of Conduct:
> > >
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%
> > > > > 2F
> > > > > do
> > >
> > > > > cs
> > >
> > > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&da
> > > > > ta
> > > > > =0
> > >
> > > > > 2%
> > >
> > > > > 7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204
> > > > > bc
> > > > > 2%
> > >
> > > > > 7C
> > >
> > > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661&am
> > > > > p;
> > > > > sd
> > >
> > > > > at
> > >
> > > > > a=b%2Fu1IXQ%2F42XEq3c6DYwzTyYno4azJb3qvUtPiZmOdrc%3D&reserve
> > > > > d=
> > > > > 0
> > >
> > > > > List Guidelines:
> > >
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%
> > > > > 2F
> > > > > fe
> > >
> > > > > do
> > >
> > > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%
> > > > > 7C
> > > > > mo
> > >
> > > > > te
> > >
> > > > > r%40austin.utexas.edu%7Cc0f76fa86d4d42c2aef608d7ab204bc2%7C31d7e
> > > > > 2a
> > > > > 5b
> > >
> > > > > dd
> > >
> > > > > 8414e9e97bea998ebdfe1%7C1%7C0%7C637166027507314661&sdata=CIJ
> > > > > al
> > > > > 5z
> > >
> > > > > 4E
> > >
> > > > > nNOIQFsuveKmlEK1wMzIx79ZaXavinrtsk%3D&reserved=0
> > >
> > > > > List Archives:
> > >
> > > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%
> > > > > 2F
> > > > > li
> > >
> > > > > st
> > >
> > > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedora
> > > > > ho
> > > > > st
> > >
> > > > > ed
> > >
> > > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7Cc0f76fa86d4d
> > > > > 42
> > > > > c2
> > >
> > > > > ae
> > >
> > > > > f608d7ab204bc2%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C6371
> > > > > 66
> > > > > 02
> > >
> > > > > 75
> > >
> > > > > 07314661&sdata=oDU3WxA3dStxFQ09%2Fc8qU7qGh1P5w3a9rSe9trG8%2B
> > > > > x4
> > > > > %3
> > >
> > > > > D&
> > >
> > > > > amp;reserved=0
> > >
> > > > _______________________________________________
> > >
> > > > sssd-users mailing list --
> > > > [email protected]<mailto:[email protected]
> > > > st
> > > > ed.org> To
> > >
> > > > unsubscribe send an email to
> > > > [email protected]<mailto:sssd-users-leave@li
> > > > st
> > > > s.fedorahosted.org>
> > >
> > > > Fedora Code of Conduct:
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > do
> > > > cs
> > >
> > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data
> > > > =0
> > > > 2%
> > >
> > > > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b057603
> > > > 3%
> > > > 7C
> > >
> > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&
> > > > sd
> > > > at
> > >
> > > > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0
> > >
> > > > List Guidelines:
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > fe
> > > > do
> > >
> > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C
> > > > mo
> > > > te
> > >
> > > > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a
> > > > 5b
> > > > dd
> > >
> > > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkG
> > > > T3
> > > > GV
> > >
> > > > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0
> > >
> > > > List Archives:
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > li
> > > > st
> > >
> > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedoraho
> > > > st
> > > > ed
> > >
> > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad5446
> > > > 7f
> > > > f9
> > >
> > > > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171
> > > > 76
> > > > 16
> > >
> > > > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3
> > > > D&
> > > > am
> > >
> > > > p;reserved=0
> > >
> > > > >> This message is from an external sender. Learn more about why
> > > > >> this <<
> > >
> > > > >> matters at https://links.utexas.edu/rtyclf. <<
> > >
> > > > _______________________________________________
> > >
> > > > sssd-users mailing list --
> > > > [email protected]<mailto:[email protected]
> > > > st
> > > > ed.org> To
> > >
> > > > unsubscribe send an email to
> > > > [email protected]<mailto:sssd-users-leave@li
> > > > st
> > > > s.fedorahosted.org>
> > >
> > > > Fedora Code of Conduct:
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > do
> > > > cs
> > >
> > > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data
> > > > =0
> > > > 2%
> > >
> > > > 7C01%7Cmoter%40austin.utexas.edu%7C87719229ad54467ff98808d7b057603
> > > > 3%
> > > > 7C
> > >
> > > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&
> > > > sd
> > > > at
> > >
> > > > a=CY5%2B8lrh6B9UIqXNYXSzpIyeRI93sHge9cuKB8KDBdk%3D&reserved=0
> > >
> > > > List Guidelines:
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > fe
> > > > do
> > >
> > > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C
> > > > mo
> > > > te
> > >
> > > > r%40austin.utexas.edu%7C87719229ad54467ff98808d7b0576033%7C31d7e2a
> > > > 5b
> > > > dd
> > >
> > > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637171761658415397&sdata=uFxkG
> > > > T3
> > > > GV
> > >
> > > > Y3moV7TxfDo%2BNHyz%2B8AUbVpApIxs3PTmzs%3D&reserved=0
> > >
> > > > List Archives:
> > >
> > > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2F
> > > > li
> > > > st
> > >
> > > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedoraho
> > > > st
> > > > ed
> > >
> > > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C87719229ad5446
> > > > 7f
> > > > f9
> > >
> > > > 8808d7b0576033%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637171
> > > > 76
> > > > 16
> > >
> > > > 58415397&sdata=qZHqxPWZzftm51GK%2F29gM3NM9f5QnsoRQE2kqWGs3Os%3
> > > > D&
> > > > am
> > >
> > > > p;reserved=0
> > >
> > > _______________________________________________
> > >
> > > sssd-users mailing list --
> > > [email protected]<mailto:[email protected]
> > > ed .org> To unsubscribe send an email to
> > > [email protected]<mailto:sssd-users-leave@lists.
> > > fedorahosted.org>
> > >
> > > Fedora Code of Conduct:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo
> > > cs
> > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0
> > > 2%
> > > 7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%
> > > 7C
> > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246950934&sd
> > > at
> > > a=vSoy%2BB6PumDUGbPgpbIip%2F4NVQSev5zeLn5q6czf7Iw%3D&reserved=0
> > >
> > > List Guidelines:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe
> > > do
> > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo
> > > te
> > > r%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5b
> > > dd
> > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZ
> > > EX
> > > 1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0
> > >
> > > List Archives:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli
> > > st
> > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost
> > > ed
> > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b124220
> > > 0e
> > > 5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C63717202
> > > 32
> > > 46960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2
> > > BJ
> > > 1g%3D&reserved=0
> > >
> > > >> This message is from an external sender. Learn more about why
> > > >> this <<
> > >
> > > >> matters at https://links.utexas.edu/rtyclf. <<
> >
> > > _______________________________________________
> > > sssd-users mailing list -- [email protected] To
> > > unsubscribe send an email to [email protected]
> > > Fedora Code of Conduct:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdo
> > > cs
> > > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=0
> > > 2%
> > > 7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%
> > > 7C
> > > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172023246960925&sd
> > > at
> > > a=9uSFPFkpIr5qK0W13Hes8pno8hu3WC0E1jqGkcCLTrQ%3D&reserved=0
> > > List Guidelines:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffe
> > > do
> > > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmo
> > > te
> > > r%40austin.utexas.edu%7C282ee4414b1242200e5908d7b0944929%7C31d7e2a5b
> > > dd
> > > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172023246960925&sdata=zH1dfRZ
> > > EX
> > > 1IkkAWUBORT62TbdyCptLfFTR0LXj6YKAo%3D&reserved=0
> > > List Archives:
> > > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli
> > > st
> > > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahost
> > > ed
> > > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C282ee4414b124220
> > > 0e
> > > 5908d7b0944929%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C63717202
> > > 32
> > > 46960925&sdata=9TGUHFXcI%2F%2B%2F8mbnbSrdiYYlghMPkddrwQ3jS%2FB%2
> > > BJ
> > > 1g%3D&reserved=0
> > _______________________________________________
> > sssd-users mailing list -- [email protected] To
> > unsubscribe send an email to [email protected]
> > Fedora Code of Conduct:
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
> > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%
> > 7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C
> > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172038795857934&sdat
> > a=xsP01ReHvU%2Bb4iYB9RK9CUF%2FonjBnTHJVj8GWg04IcU%3D&reserved=0
> > List Guidelines:
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo
> > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote
> > r%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C31d7e2a5bdd
> > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172038795857934&sdata=4z4neBp82
> > Pt0qXho9s8iV6z%2BHbor5Mk2YQKrKlLPI9s%3D&reserved=0
> > List Archives:
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted
> > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f2043
> > 6e08d7b097e7ed%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371720387
> > 95857934&sdata=mRu15iYSrZKagsJs77178vKxa3A6aVq%2FIFzJIZo1jEE%3D&am
> > p;reserved=0
> > >> This message is from an external sender. Learn more about why this <<
> > >> matters at https://links.utexas.edu/rtyclf. <<
> > _______________________________________________
> > sssd-users mailing list -- [email protected] To
> > unsubscribe send an email to [email protected]
> > Fedora Code of Conduct:
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs
> > .fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%
> > 7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C
> > 31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172038795857934&sdat
> > a=xsP01ReHvU%2Bb4iYB9RK9CUF%2FonjBnTHJVj8GWg04IcU%3D&reserved=0
> > List Guidelines:
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedo
> > raproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmote
> > r%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C31d7e2a5bdd
> > 8414e9e97bea998ebdfe1%7C1%7C1%7C637172038795857934&sdata=4z4neBp82
> > Pt0qXho9s8iV6z%2BHbor5Mk2YQKrKlLPI9s%3D&reserved=0
> > List Archives:
> > https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> > s.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted
> > .org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f2043
> > 6e08d7b097e7ed%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C6371720387
> > 95867924&sdata=kZP%2BErxE13OEJzn7KkUeH%2B4kPR5j3%2B8E9iquHNJ8nb4%3
> > D&reserved=0
> _______________________________________________
> sssd-users mailing list -- [email protected] To unsubscribe
> send an email to [email protected]
> Fedora Code of Conduct:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C0%7C637172038795867924&sdata=mgENPkf6MZNspNICeqsMjQ%2B0pEpbwa4yL8ARXM3LrGU%3D&reserved=0
> List Guidelines:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637172038795867924&sdata=cKhLK64Unnf1lF%2BxKEa1rgEqf57ArRaQIZW13c0BSk4%3D&reserved=0
> List Archives:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=02%7C01%7Cmoter%40austin.utexas.edu%7C1f2c72cd1e634f20436e08d7b097e7ed%7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C1%7C1%7C637172038795867924&sdata=kZP%2BErxE13OEJzn7KkUeH%2B4kPR5j3%2B8E9iquHNJ8nb4%3D&reserved=0
> >> This message is from an external sender. Learn more about why this <<
> >> matters at https://links.utexas.edu/rtyclf. <<
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
