ad_maximum_machine_account_password_age (integer)
SSSD will check once a day if the machine account password is older than the given age in days and try to renew it. A value of 0 will disable
the renewal attempt.
Default: 30 days
SSSD changed the default behavior.
We probably should improve our SSSD config:
with Samba AD: ad_maximum_machine_account_password_age set to 0
with MS AD: ad_maximum_machine_account_password_age set to 30 and pac option in services section
Good news here: I reproduced the error edit: NOW IN TESTING /cc @quality_team
It seems the upstream upgrade from sssd 1.13 to 1.14 introduces a new feature that changes the machine password each month (to emulate Win clients). This new feature is not compatible with our configuration. We now must see if we can modify our config or disable the new feature.