After 30 days of running sssd I found that my test workstation no longer connected to the domain. The machine account password had timed out. I now run a daily cron job using msktutil wihch will auto-update the password. However I should not have to do this. sssd should update the machine password. I can see entries in the logs such that the machine account password renewal task is enabled. Then: [be_ptask_execute] (0x0400): Task [AD machine account password renewal]: executing task, timeout 60 seconds How though can I see if this taks is successful or not? I realise that if the machine account is less than 30 days old the task probably silently completes OK without any logging.

The version of sssd is 16.1 running on Ubuntu John Hearns

_______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahost...

Thankyou Sumit. Indeed I do have adcli installed, and I am investigating this issue usign the higher log level which you suggest. I think this is a problem with domain names. When I use msktutil to renew the machine password I must explicitly run msktutil ..auto-update --computer-name myhostname This is because the DNS domain of my workstation does not match the Active Directory realm name On 4 July 2018 at 08:48, Sumit Bose <sbose(a)redhat.com&gt; wrote: > On Mon, Jun 25, 2018 at 05:12:25PM +0200, John Hearns wrote: > > After 30 days of running sssd I found that my test workstation no longer > > connected to the domain. > > The machine account password had timed out. > > I now run a daily cron job using msktutil wihch will auto-update the > > password. > > > > However I should not have to do this. sssd should update the machine > > password. > > > > I can see entries in the logs such that the machine account password > > renewal task is enabled. > > Then: > > > > [be_ptask_execute] (0x0400): Task [AD machine account password renewal]: > > executing task, timeout 60 seconds > > > > How though can I see if this taks is successful or not? > > I realise that if the machine account is less than 30 days old the task > > probably silently completes OK without any logging. > > Do you have adcli installed? > > If you set 'debug_level=7' or higher in the [domain/...] section of > sssd.conf you should be able to find the debug output of adcli in the > logs, it will start with '--- adcli output start---'. > > HTH > > bye, > Sumit > > > > > The version of sssd is 16.1 running on Ubuntu > > > > > > John Hearns > > > _______________________________________________ > > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: https://lists.fedoraproject.or > g/archives/list/sssd-users(a)lists.fedorahosted.org/message/2F > 77SPP4CXHS4YMKCMHIA5EJHI424VNV/ > _______________________________________________ > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.or > g/archives/list/sssd-users(a)lists.fedorahosted.org/message/EH > QHLPX24S45CM4ELUUDG7NHQHWQK7TE/ >