Re: Fwd: passwordRetryCount not incrementing past 1

Are you using any kind of VIP or load balancer in front of the two instances?


On Fri, Apr 12, 2013 at 12:15 PM, Eric Gingras <eric@xxxxxxxxxxxxxx> wrote:
Hi,

I have not received any input on this one. If you could kindly let me know if some information is missing, I'd like to get this resolved.

Many thanks
Eric



-------- Original Message --------
Subject: passwordRetryCount not incrementing past 1
Date: 2013-04-10 09:17
From: Eric Gingras <eric@xxxxxxxxxxxxxx>
To: <389-users@lists.fedoraproject.org>

Hi,

I have an issue with account lockout.

Setup:
2-node in MMR config
389-Directory/1.2.10.26 B2013.023.2027 (from fedorapeople repo)
RHEL 6.4 x86_64

What I did (as per docs), doing this as a subtree or local policy:

dn: cn=config
changetype: modify
replace: passwordIsGlobalPolicy
passwordIsGlobalPolicy: on

dn: cn=cn\=nsPwPolicyEntry\,ou\=People\,dc\=<REMOVED>\,dc\=com,cn=nsPwPolicyContainer,ou=People,dc=<REMOVED>,dc=com
changetype: modify
replace: passwordExp
passwordExp: on
-
replace: passwordMaxAge
passwordMaxAge: 7862400
-
replace: passwordHistory
passwordHistory: on
-
replace: passwordInHistory
passwordInHistory: 3
-
replace: passwordCheckSyntax
passwordCheckSyntax: on
-
replace: passwordMinDigits
passwordMinDigits: 1
-
replace: passwordMinSpecials
passwordMinSpecials: 1
-
replace: passwordMinLowers
passwordMinLowers: 1
-
replace: passwordMinUppers
passwordMinUppers: 1
-
replace: passwordMinLength
passwordMinLength: 8
-
replace: passwordStorageScheme
passwordStorageScheme: SSHA512
-
replace: passwordLockout
passwordLockout: on
-
add: passwordMaxFailure
passwordMaxFailure: 3
-
add: passwordUnlock
passwordUnlock: off

I also need to track loginTime (no time-based lockout), again as per doc:

dn: cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

dn: cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginarg0
nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config

dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
changetype: modify
replace: alwaysrecordlogin
alwaysrecordlogin: yes
-
add: stateattrname
stateattrname: lastLoginTime
-
add: altstateattrname
altstateattrname: createTimestamp
-
add: specattrname
specattrname: acctPolicySubentry
-
add: limitattrname
limitattrname: accountInactivityLimit

Restarted:

service dirsrv restart both nodes

What I get (after purposely trying to bind with wrong pwd many times):

No lockout, passwordRetryCount stays at 1

dn: uid=<REMOVED>,ou=People,dc=<REMOVED>,dc=com
passwordRetryCount: 1
retryCountResetTime: 20130410130146Z
lastLoginTime: 20130409193943Z
passwordExpirationTime: 20130709182434Z
userPassword:: <REMOVED>
mail: <REMOVED>
sn: <REMOVED>
preferredLanguage: en
cn: <REMOVED>
uid: <REMOVED>
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
givenName: <REMOVED>

I'm freshly out of ideas, thanks for helping.

Eric
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
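
Added example, not part of the thread or of 389 Directory Server: one way to follow up on the load balancer question is to read the lockout state attributes for the same user from each replica directly, bypassing any VIP, and compare them. The host names, the `jdoe` entry and node2's values are constructed; node1's values and the limit of 3 (`passwordMaxFailure`) are the ones from the post.

```python
import base64

# Constructed sample input: the same user read from each replica directly, e.g.
#   ldapsearch -x -H ldap://node1.example.com -D "cn=Directory Manager" -W -s base \
#     -b "uid=jdoe,ou=People,dc=example,dc=com" passwordRetryCount retryCountResetTime
SAMPLES = {
    "node1": """dn: uid=jdoe,ou=People,dc=example,dc=com
passwordRetryCount: 1
retryCountResetTime: 20130410130146Z
""",
    "node2": """dn: uid=jdoe,ou=People,dc=example,dc=com
passwordRetryCount: 1
retryCountResetTime: 20130410130151Z
""",
}

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def compare_lockout_state(per_node_ldif, max_failure):
    """Summarise retry state per node and flag nodes that disagree."""
    nodes = {}
    for node, ldif in per_node_ldif.items():
        e = parse_entry(ldif)
        count = int(e.get("passwordretrycount", ["0"])[0])
        reset = e.get("retrycountresettime", [None])[0]
        nodes[node] = {"retry_count": count, "reset_time": reset,
                       "at_limit": count >= max_failure}
    distinct = {(n["retry_count"], n["reset_time"]) for n in nodes.values()}
    return {"nodes": nodes, "diverged": len(distinct) > 1}

if __name__ == "__main__":
    print(compare_lockout_state(SAMPLES, max_failure=3))
```

Run the search against each node after every failed bind; `diverged` being true means the replicas hold different counter state for the same entry.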
