On Thu, Jul 15, 2021 at 9:37 AM Arthur Scott Poore
wrote:
We managed to figure it out before I saw your reply, but you were on
the right track:
> One other question related to being air-gapped, do the certificates
> on the cards have OCSP/CRL info/urls set? If so, SSSD may be trying
> to check
Hi James,
I'll try to include questions/comments/suggestions in-line below.
> We have an air-gapped network of RHEL7 hosts that use sssd to perform
> PKINIT (smartcard + Kerberos) authentication against Windows Server
> 2016 domain controllers.
>
> Setting this up properly entailed setting