Hello,
we have several LinuxMint desktops Linux servers (CentOS, Ubuntu) that are integrated into the UCS LDAP domain following the instructions in the documentation.
On a regular base we then have the problem that the computer account password in the domain expires and logins stop working. Since we use SSSD caching most often only after a password change of a user.
For UCS servers there is a description how this is automatically handled and can also be triggered manually.
But how do I do this with non-UCS systems? I could not find any documentation or example.
I’m not sure if the instructions you linked are still up to date. We all work with Linuxmit desktops here and also have some non-UCS servers (Ubuntu-based).
For all of them I have the script:
for the ADS join and have never had the problem you describe.
Alternatively, the Ubuntu UCS join is available. I cannot say whether this works on Linuxmint.
Hi Sven,
Thanks for your response. I had a look at your script and into realmd. The big difference to the documentation I linked is that with UCS realmd uses the AD connector instead of LDAP connector.
But we rely on some LDAP features that I did not find equivilents to on the AD connector like the LDAP sudo rules.
I would like to hear a comment from Univention staff on this topic since our setup follows the official documentation.
Which LDAP attribute is checked for computer accounts during bind for expiry?