sssd's invocation of adcli currently messes up samba configurations that depend on a secrets file. I initially figured out what was going wrong after reading the description in this NC State blog post.
adcli gained the ability to update the secrets file in this merge request.
It seems as if the current best practice is to prevent sssd from calling adcli by setting ad_maximum_machine_account_password_age = 0 and then calling adcli from a cron job.
It would be nice to have sssd manage this for us.
I'd like to extend get_adcli_extra_args so that it optionally includes a --add-samba-data.
I'd also like to log the actual command line that was used, either in ad_machine_account_password_renewal_done, where it logs the command's output, or perhaps in ad_machine_account_password_renewal_init.
Before I undertake this, I thought to ask whether someone else already had it in their sights and/or if such a change would be welcome.
Hi @hartzell,
a patch for this would be very welcome and useful for people running a Samba server on a system with SSSD.
I agree that the usage of --add-samba-data should be optional since it is only needed if you run a Samba server on the host. How are you planning to handle this? With a new option?
Thanks.
bye, Sumit
Great. I was thinking that I would do something similar to the ad_...maximum..._age variable in the sssd.conf file, just making it bool instead of int-ish. Should be a fairly parallel construction.
Feedback encouraged.
Sounds good.
Looks like I can either change the signature of get_adcli_extra_args and pass in a bool like ad_add_samba_data or I could perhaps tuck it into the renewal_data struct. The former seems more proper, the latter less disruptive. Thoughts?
I've read through the compilation instructions, it's going to be a bit of a pain to set up a dev host (I'm on a minimally provisioned shared CentOS box). Is there an official build Docker image or???
I've submitted a PR to implement this at: https://github.com/SSSD/sssd/pull/950
Metadata Update from @pbrezina: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4905
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.