Sumit,
thankyou for the advice here.
I reduced the password age value, and with the higher logging level the
password renewal using adcli was successful.
Thanks again.
On 4 July 2018 at 10:03, John Hearns <hearnsj(a)googlemail.com> wrote:
Thankyou Sumit. Indeed I do have adcli installed, and I am
investigating
this issue usign the higher log level which you suggest.
I think this is a problem with domain names.
When I use msktutil to renew the machine password I must explicitly run
msktutil ..auto-update --computer-name myhostname
This is because the DNS domain of my workstation does not match the
Active Directory realm name
On 4 July 2018 at 08:48, Sumit Bose <sbose(a)redhat.com> wrote:
> On Mon, Jun 25, 2018 at 05:12:25PM +0200, John Hearns wrote:
> > After 30 days of running sssd I found that my test workstation no longer
> > connected to the domain.
> > The machine account password had timed out.
> > I now run a daily cron job using msktutil wihch will auto-update the
> > password.
> >
> > However I should not have to do this. sssd should update the machine
> > password.
> >
> > I can see entries in the logs such that the machine account password
> > renewal task is enabled.
> > Then:
> >
> > [be_ptask_execute] (0x0400): Task [AD machine account password renewal]:
> > executing task, timeout 60 seconds
> >
> > How though can I see if this taks is successful or not?
> > I realise that if the machine account is less than 30 days old the task
> > probably silently completes OK without any logging.
>
> Do you have adcli installed?
>
> If you set 'debug_level=7' or higher in the [domain/...] section of
> sssd.conf you should be able to find the debug output of adcli in the
> logs, it will start with '--- adcli output start---'.
>
> HTH
>
> bye,
> Sumit
>
> >
> > The version of sssd is 16.1 running on Ubuntu
> >
> >
> > John Hearns
>
> > _______________________________________________
> > sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> > Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> > List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
https://lists.fedoraproject.or
> g/archives/list/sssd-users(a)lists.fedorahosted.org/message/2F
> 77SPP4CXHS4YMKCMHIA5EJHI424VNV/
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.or
> g/archives/list/sssd-users(a)lists.fedorahosted.org/message/EH
> QHLPX24S45CM4ELUUDG7NHQHWQK7TE/
>