A user contacted me today for a password reset. I made the reset on the ipa-primary. The user opened a terminal session on an SSH Client to a server in the realm and logged in. They received the required immediate password change requirement and did so. They can log off and log back on that same server with their new password. They attempted to open a terminal shell to another server in the realm. Their new password is not accepted.
Both servers the user is attempting to connect to have the nameserver resolution in the same order (resolv.conf). On the ipa-primary their password expiration is 90 days from today. On the ipa-replicant the password expiration is about 60 days out (I did this with them Jan 13th also but they lost their password.....). It has been an hour since the user logged on to the server and made their required change.

2 questions arise:

How to safely update replicant with the password change without changing the primary/replicant relationship order?

How to force the other server to refer to the ipa-primary to validate the password?

Thanks

Steven Auerbach
Systems Administrator
State University System of Florida
Board of Governors
325 West Gaines Street
Tallahassee, Florida 32399
(850) 245-9592 | Fax (850) 245-0419
[email protected] | www.flbog.edu
