Locking is per-server because replicating the last login time is expensive and known to cause issues.
Glad you got the reason identified. rob Russell Jones via FreeIPA-users wrote: > To follow up on this - My problem was caused by the account getting > locked because of password failures. I guess when an account gets locked > for this reason it only gets locked on that one IPA server....? Either > way, problem solved. > > On Mon, Mar 24, 2025 at 2:40 PM Russell Jones <[email protected] > <mailto:[email protected]>> wrote: > > Hi all, > > Trying to figure out what is going on and how to correct this issue. > > We have a 4 node cluster of FreeIPA servers, and node 3 can no > longer authenticate one single user (so far... that's the only one I > have found) at random intervals. "Password incorrect". If I take > that user's password and try to login to the web UI on that problem > FreeIPA server, it indeed does not authenticate. > > If I take the same creds to the other 3, it authenticates fine. > > I have tried a force sync, as well as rebooting the node and it > fixes it for an indeterminate amount of time and then that one user > fails again to authenticate to just that one replica. > ipa-replica-manage list shows everything is in sync between > everybody as best I can tell. > > Any ideas? Thanks in advance! > > -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
