Hey,
I'm wondering if SSSD might not be updating some of the logon attributes in AD. We recently were directed to use updated DCs and some attributes no longer seem to be getting updated; for example, logonCount and lastLogon. In some cases, the attribute is non-existent. I'm leaning towards it being a DC issue since it was getting updated with the previous controllers but wanted to see if anyone was aware of any reason SSSD could be at issue.
thanks
=G=
SSSD does not update any attributes on its own. Are you sure the users are not logging in with e.g. ssh public key which would bypass AD DCs during authentication completely?
On 3 Aug 2018, at 17:15, Galen Johnson Galen.Johnson@sas.com wrote:
Hey,
I'm wondering if SSSD might not be updating some of the logon attributes in AD. We recently were directed to use updated DCs and some attributes no longer seem to be getting updated; for example, logonCount and lastLogon. In some cases, the attribute is non-existent. I'm leaning towards it being a DC issue since it was getting updated with the previous controllers but wanted to see if anyone was aware of any reason SSSD could be at issue.
thanks
=G=
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted....
Thanks Jakub. I'm sure. I've ssh'd directly into the servers with an account that has no key. I'm still thinking something is configured differently with the new AD DCs...I just have to convince them that it's on their end :-/.
=G=
________________________________________
From: Jakub Hrozek jhrozek@redhat.com
Sent: Monday, August 6, 2018 3:34 AM
To: End-user discussions about the System Security Services Daemon
Subject: [SSSD-users] Re: login attributes not being updated
SSSD does not update any attributes on its own. Are you sure the users are not logging in with e.g. ssh public key which would bypass AD DCs during authentication completely?