Again the best that I can find is that controls like the aforementioned effect the behavior of the client not the server. The client is in control of changing passwords/renewing keytabs, and unless there is a third party utility in use the AD does not enforce a password change requirement or lock out a machine if the password has not been changed.
References: https://blog.joeware.net/2012/09/12/2590/ https://www.itprotoday.com/management-mobility/q-can-password-windows-machine-s-domain-account-expire-just-normal-user-account https://funinit.wordpress.com/2017/11/29/how-sssd-updates-machine-account-password/ https://itworldjd.wordpress.com/2014/01/22/what-is-the-maximum-password-age-of-computers-in-ad/ And the info I posted before. I am not 100% certain of course, there is a huge amount of misinformation one way or the other on this particular thing, and I am not discounting your experience, it has me worried enough to be spending my time today trying to find a definitive answer, because if I am wrong come the 24th my life is going to be miserable. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org