[Freeipa-users] Odd Password Issue Across the realm
Rob Crittenden
rcritten at redhat.com
Thu Jul 21 22:24:07 UTC 2016
Auerbach, Steven wrote:
> We have our IPA set up as master-master and we have about 25 clients in
> realm (including the IPA servers themselves).
>
> We have a single user who changed his unexpired password using the
> passwd command logged on to one of the registered clients.
>
> Thereafter, when he logs on to any of the client servers in the realm
> with the exception of one, his new password is accepted. On only one
> client server his new password is not accepted. That client server will
> only let him in with a password that was in effect 2 password changes in
> the past.
>
> I believe that there is no sync problem between the IPA Masters because
> I changed the admin password on one of them (IPA Master) yesterday and
> it was available immediately after a logout to sign on as admin to the
> other master with the new password.
>
> Are we instructing users with the wrong command for changing an
> unexpired password? If not, where would we turn to rectify this issue
> that this one user has with the one IPA client server?
I wonder if sssd on that client is in offline mode.
rob
More information about the Freeipa-users
mailing list