Hi every body,
We are in the process of converting to SSSD for our Centos 6.9 & 7.3 servers.
We have the latest available "sssd-1.13.3-56.el6.x86_64" &
"adcli-0.8.1-1.el6.x86_64" installed for our platform.
In a month or so most of our servers were dropped out of domain.
We followed several documents, including "Integrating Red Hat Enterprise Linux 6 with
Active Directory" and "Red Hat Enterprise Linux 7.3 Beta Windows Integration
I don't recall seeing any references to what should be configured to enable automatic kerberos host keytab renewal
in those documents.
After the issue we started looking in to it and saw recommendations about running cron
jobs to renew host keytabs:
Other documentation however indicated this issue has been addressed after
My question is do we still need to configure a cronjob to run "msktutil
--auto-update" and "kinit -k <servername>$"?
Is default value of "ad_maximum_machine_account_password_age = 30" sufficient
for auto renewals?
We checked with AD team and they say machine passwords rotate every 30 days.
General support questions
2 posts • Page 1 of 1