This morning a user reported not being able to log into a Linux host they'd logged into 2 hours before. I verified that nothing had changed in puppet and asked $coworkers if they'd made any changes to AD (which we use for LDAP). ...

... No changes were made by anyone. I tracked the problem down to SSSD's not being happy with TLS when talking to AD.
After more research, $BOSS discovered the AD hosts had issued themselves new certs, disabling the signed ones we were using. We had a two-hour outage because of this. Thanks-no-thanks! 😡