[SSSD-users] Re: Frequently disconnected from domain

Wed, 03 May 2023 03:09:27 -0700 

Am Wed, May 03, 2023 at 12:17:31PM +0530 schrieb Sac Isilia:
> Hi Team,
> 
> We are using sssd in our environment for authentication of AD users. But it
> disconnect from domain for unknown reasons.
> 
> Can someone help if there is some best practice or script that
> automatically rejoin the server to domain as soon as it disconnects? It has
> become pain for us to do it manually.

Hi,

how often does this happen for a single host? If it is around every 30
days then most probably the automatic renewal of the machine account
password failed. If in your environment computers are not required to
renew their password every 30 days you can disable this feature by
setting

    ad_maximum_machine_account_password_age = 0

in the [domain/...] section of sssd.conf and restart SSSSD, see 'man
sssd-ad' for details.

If you want to debug the issue I suggest to use a test host which is
currently working and set

    ad_maximum_machine_account_password_age = 1
    debug_level = 9

in the [domain/...] section of sssd.conf and restart SSSD. This will
tell SSSD to try to renew the machine account password if it is older
than one day and write a detailed debug log.

Which version of SSSD are you using and on which platform?

bye,
Sumit

> 
> Regards
> Sachin Kumar

> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to