Hello FreeIPA Community! My FreeIPA setup consists of two servers in master-master replication scenario. I have recently made a change to LDAP schema to not exclude krbloginfailedcount attribute from replication. I am seeing incremental updates being pushed from the server where failed login occurs, and the other freeIPA server acquires these replication updates, however it does not seem to update its krbloginfailedcount for the respective user. Hence, my goal to have user account locked out after X number of failed logins irrespective of the auth server is not successful, as each server still seems to maintain its own version of failed auth attempts. Am I doing something wrong?
Thanks much, Yuri ________________________________ LEGAL DISCLAIMER: M.C. Dean, Inc. and its subsidiaries considers this e-mail and any files transmitted with it to be protected, proprietary or privileged information intended solely for the use of the named recipient(s). Any disclosure of this material or the information contained herein, in whole or in part, to anyone outside of the intended recipient or affiliates is strictly prohibited. M. C. Dean, Inc. accepts no liability for the content of this e-mail or for the consequences of any actions taken on the basis of the information contained in it, unless that information is subsequently confirmed in writing. Employees of M.C. Dean, Inc. are instructed not to infringe on any rights of the recipient; any such communication violates company policy. If you are not the intended recipient, any disclosure, copying, distribution, or action taken or omitted in reliance on this information is strictly prohibited by M.C. Dean, Inc.; please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
