IPA problems

Latest response

Hi all,

 

 

Problem (1)

I'm being having a serious issue with the password global_policy in the ipa server.

Not too long ago I set up the Max Lifetime to 99999 in the global_policy for the password.

The change didn't get reflected across all the users, this policy takes effect only for new users.
The old user are still in the 90 days policy.

my goal is to change the krbPasswordExpiration without having to reset the password all my users is this possible?

 

Problem(2)

I have several standard groups defined in the IPA server.

For some reason when I do list members belonging to a particular group the list shows half of the members that I added into that group. The odd thing is that when I run the command  ipa user-show johnsmith  the user information show up correctly and I can see the group with the right gid. But if I issue the command ipa group-show groupName ,  johnsmith is not in the group as it supposed to be. It seems like that groups are loosing reference to their member users.

Is there any way to fix this ?  I would appreciate if anyone can sshed some light on this.

 

Thank you

Marcello

MG

Responses