Hello! Sorry for making you confused.
The main problem is the cache on the IPA server/client. How long does the cache remain active before it refreshes with the correct policy/rules? Whenever I set the sudo rules or modify another configuration (policy, etc.), there is always a delay. And until now, the global_policy still doesn't use the correct configuration. It's still using the min 0, max 0 configuration (I set this policy yesterday, and reverted it back to min 1, max 90 yesterday too).

Any hints?

On 07/31/2015 01:47 AM, Jakub Hrozek wrote:
> On Thu, Jul 30, 2015 at 09:50:23PM +0700, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I don't know where to start tracking down this issue. I found
>> something else interesting.
>>
>> 1. Set `global_policy` password expired (both min and max) to 0 (zero)
>> 2. Add user called `dummy`
>> 3. Set global_policy password expired min (1) and max (90).
>> 4. Add user called `dummy2`
>>
>> Both users dummy and dummy2 have the same password expiration :D
>> This problem is the same as with assigning sudo/group to a user.
>>
>> I set debug_level = 7 in the following sections of sssd.conf:
>>
>> [domain/mydomain.co.id]
>> ..
>> debug_level = 7
>> ..
>>
>> [sssd]
>> ..
>> debug_level = 7
>> ..
>>
>> [sudo]
>> ..
>> debug_level = 7
>> ..
>>
>> I didn't find any related information about the 4 steps above.
>
> I'm sorry, but I'm getting a bit confused about what is and what is not
> the problem. Can we take a step back and see what works in your
> environment and what does not?
>
> Can you describe the workflow?
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project