Hello FreeIPA Community!
My FreeIPA setup consists of two servers in a master-master replication scenario. I have
recently made a change to the LDAP schema to not exclude the krbloginfailedcount attribute from
replication. I am seeing incremental updates being pushed from the server where the failed
login occurs, and the other FreeIPA server acquires these replication updates; however, it
does not seem to update its krbloginfailedcount for the respective user. Hence, my goal to
have a user account locked out after X number of failed logins irrespective of the auth
server is not successful, as each server still seems to maintain its own version of failed
auth attempts. Am I doing something wrong?
Thanks much,
Yuri