Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
On Wed, Dec 11, 2019 at 08:14:25AM -0500, Chris P. wrote:
Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
Hi,
I forgot to send the patch to use LDAPS for review, I will do it soon.
In the meantime please check in the sssd-ldap man page if the option ldap_sasl_mech supports GSS-SPNEGO (recent version of SSSD should do). In this case you can set
ldap_sasl_mech = GSS-SPNEGO
in the [domain/...] section of sssd.conf and restart SSSD. Now the error logs in the AD side should at least be gone for this host.
HTH
bye, Sumit
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
Hi,
We are seeing the same in our AD logs - "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification)..." - and tried to mitigate this by changing from GSSAPI to GSS-SPNEGO in SSSD, but this makes no difference, AD keeps logging warnings.
The logs does not origin from starting/stopping sssd, but rather when this happens:
Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 2
(from 'systemctl status sssd').
So even if sssd is configured to use GSS-SPNEGO it seems to trigger adcli which uses GSSAPI?
regards, Adam
________________________________________ From: Sumit Bose [sbose@redhat.com] Sent: 11 December 2019 15:55 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Wed, Dec 11, 2019 at 08:14:25AM -0500, Chris P. wrote:
Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
Hi,
I forgot to send the patch to use LDAPS for review, I will do it soon.
In the meantime please check in the sssd-ldap man page if the option ldap_sasl_mech supports GSS-SPNEGO (recent version of SSSD should do). In this case you can set
ldap_sasl_mech = GSS-SPNEGO
in the [domain/...] section of sssd.conf and restart SSSD. Now the error logs in the AD side should at least be gone for this host.
HTH
bye, Sumit
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
On Tue, Dec 17, 2019 at 06:18:21AM +0000, Winberg Adam wrote:
Hi,
We are seeing the same in our AD logs - "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification)..." - and tried to mitigate this by changing from GSSAPI to GSS-SPNEGO in SSSD, but this makes no difference, AD keeps logging warnings.
The logs does not origin from starting/stopping sssd, but rather when this happens:
Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 2
(from 'systemctl status sssd').
So even if sssd is configured to use GSS-SPNEGO it seems to trigger adcli which uses GSSAPI?
Hi,
yes, you are right. adcli does not inherit this option from SSSD but sets up the connection on its own. I'm working on a fix for adcli as well.
Do I understand correctly that if you disable the renewal of the machine account password by setting
ad_maximum_machine_account_password_age = 0
and use GSS-SPNEGO for SSSD there are no messages in the AD logs?
bye, Sumit
regards, Adam
From: Sumit Bose [sbose@redhat.com] Sent: 11 December 2019 15:55 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Wed, Dec 11, 2019 at 08:14:25AM -0500, Chris P. wrote:
Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
Hi,
I forgot to send the patch to use LDAPS for review, I will do it soon.
In the meantime please check in the sssd-ldap man page if the option ldap_sasl_mech supports GSS-SPNEGO (recent version of SSSD should do). In this case you can set
ldap_sasl_mech = GSS-SPNEGO
in the [domain/...] section of sssd.conf and restart SSSD. Now the error logs in the AD side should at least be gone for this host.
HTH
bye, Sumit
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
aha, adcli is used for the machine account password renewal, of course. I will try to disable that and get back to you.
This is on RHEL 8.1, btw.
//Adam
________________________________________ From: Sumit Bose [sbose@redhat.com] Sent: 17 December 2019 07:29 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Tue, Dec 17, 2019 at 06:18:21AM +0000, Winberg Adam wrote:
Hi,
We are seeing the same in our AD logs - "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification)..." - and tried to mitigate this by changing from GSSAPI to GSS-SPNEGO in SSSD, but this makes no difference, AD keeps logging warnings.
The logs does not origin from starting/stopping sssd, but rather when this happens:
Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 2
(from 'systemctl status sssd').
So even if sssd is configured to use GSS-SPNEGO it seems to trigger adcli which uses GSSAPI?
Hi,
yes, you are right. adcli does not inherit this option from SSSD but sets up the connection on its own. I'm working on a fix for adcli as well.
Do I understand correctly that if you disable the renewal of the machine account password by setting
ad_maximum_machine_account_password_age = 0
and use GSS-SPNEGO for SSSD there are no messages in the AD logs?
bye, Sumit
regards, Adam
From: Sumit Bose [sbose@redhat.com] Sent: 11 December 2019 15:55 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Wed, Dec 11, 2019 at 08:14:25AM -0500, Chris P. wrote:
Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
Hi,
I forgot to send the patch to use LDAPS for review, I will do it soon.
In the meantime please check in the sssd-ldap man page if the option ldap_sasl_mech supports GSS-SPNEGO (recent version of SSSD should do). In this case you can set
ldap_sasl_mech = GSS-SPNEGO
in the [domain/...] section of sssd.conf and restart SSSD. Now the error logs in the AD side should at least be gone for this host.
HTH
bye, Sumit
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
I can confirm that the warning messages in our AD logs are indeed gone after setting
ad_maximum_machine_account_password_age = 0
I would really like SSSD to update the machine account password however, so I look forward to the adcli fix.
Thanks!
//Adam
________________________________________ From: Winberg Adam [Adam.Winberg@smhi.se] Sent: 17 December 2019 07:33 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
aha, adcli is used for the machine account password renewal, of course. I will try to disable that and get back to you.
This is on RHEL 8.1, btw.
//Adam
________________________________________ From: Sumit Bose [sbose@redhat.com] Sent: 17 December 2019 07:29 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Tue, Dec 17, 2019 at 06:18:21AM +0000, Winberg Adam wrote:
Hi,
We are seeing the same in our AD logs - "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification)..." - and tried to mitigate this by changing from GSSAPI to GSS-SPNEGO in SSSD, but this makes no difference, AD keeps logging warnings.
The logs does not origin from starting/stopping sssd, but rather when this happens:
Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 2
(from 'systemctl status sssd').
So even if sssd is configured to use GSS-SPNEGO it seems to trigger adcli which uses GSSAPI?
Hi,
yes, you are right. adcli does not inherit this option from SSSD but sets up the connection on its own. I'm working on a fix for adcli as well.
Do I understand correctly that if you disable the renewal of the machine account password by setting
ad_maximum_machine_account_password_age = 0
and use GSS-SPNEGO for SSSD there are no messages in the AD logs?
bye, Sumit
regards, Adam
From: Sumit Bose [sbose@redhat.com] Sent: 11 December 2019 15:55 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Wed, Dec 11, 2019 at 08:14:25AM -0500, Chris P. wrote:
Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
Hi,
I forgot to send the patch to use LDAPS for review, I will do it soon.
In the meantime please check in the sssd-ldap man page if the option ldap_sasl_mech supports GSS-SPNEGO (recent version of SSSD should do). In this case you can set
ldap_sasl_mech = GSS-SPNEGO
in the [domain/...] section of sssd.conf and restart SSSD. Now the error logs in the AD side should at least be gone for this host.
HTH
bye, Sumit
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
On Tue, Dec 17, 2019 at 12:48:58PM +0000, Winberg Adam wrote:
I can confirm that the warning messages in our AD logs are indeed gone after setting
ad_maximum_machine_account_password_age = 0
I would really like SSSD to update the machine account password however, so I look forward to the adcli fix.
Hi,
thanks for the feedback. The related ticket is https://bugzilla.redhat.com/show_bug.cgi?id=1762420, currently mostly private, I'll try to make important updates to the ticket public.
bye, Sumit
Thanks!
//Adam
From: Winberg Adam [Adam.Winberg@smhi.se] Sent: 17 December 2019 07:33 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
aha, adcli is used for the machine account password renewal, of course. I will try to disable that and get back to you.
This is on RHEL 8.1, btw.
//Adam
From: Sumit Bose [sbose@redhat.com] Sent: 17 December 2019 07:29 To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Tue, Dec 17, 2019 at 06:18:21AM +0000, Winberg Adam wrote:
Hi,
We are seeing the same in our AD logs - "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification)..." - and tried to mitigate this by changing from GSSAPI to GSS-SPNEGO in SSSD, but this makes no difference, AD keeps logging warnings.
The logs does not origin from starting/stopping sssd, but rather when this happens:
Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 1 Dec 16 15:25:57 adcli[116149]: GSSAPI client step 2
(from 'systemctl status sssd').
So even if sssd is configured to use GSS-SPNEGO it seems to trigger adcli which uses GSSAPI?
Hi,
yes, you are right. adcli does not inherit this option from SSSD but sets up the connection on its own. I'm working on a fix for adcli as well.
Do I understand correctly that if you disable the renewal of the machine account password by setting
ad_maximum_machine_account_password_age = 0
and use GSS-SPNEGO for SSSD there are no messages in the AD logs?
bye, Sumit
regards, Adam
From: Sumit Bose [sbose@redhat.com] Sent: 11 December 2019 15:55 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] Re: How do new LDAP security recommendations from MS affect sssd clients?
On Wed, Dec 11, 2019 at 08:14:25AM -0500, Chris P. wrote:
Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements? Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:
"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."
Hi,
I forgot to send the patch to use LDAPS for review, I will do it soon.
In the meantime please check in the sssd-ldap man page if the option ldap_sasl_mech supports GSS-SPNEGO (recent version of SSSD should do). In this case you can set
ldap_sasl_mech = GSS-SPNEGO
in the [domain/...] section of sssd.conf and restart SSSD. Now the error logs in the AD side should at least be gone for this host.
HTH
bye, Sumit
We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.
Thanks, Chris
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o... _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users@lists.fedorahosted.org