Add a retry to the PAM password synch check when the check fails
0 vote
Consider adding a retry to the PAM password synch check when the check fails. Please add the actual status of the failed synch check to the log. We are seeing that we have a synch check fail, and then the next check is successful. That would indicate that the password did not change, and there is an issue with the request that does the check, probably on the AD side, but we can't find it if we do not have a status return when there is a failure.
All Comments (3)
Hello,
Thank you for your request. If I understand correctly, your synch is failing but you don't really know why and you can't see any information in the log, am I correct ? Because I assume adding a retry to the PAM password heartbeat will give you the same result if it failed once. We could probably have a look to add more information on the failure if it could help. Let us know if it would help in your situation.
Best regards,
François Dubois
Hi,
Since the synch succeeds on the next scheduled attempt, I am thinking there is a transient issue, some additional logging for the error would help us find the issue.
Retrying the synch after a small delay would probably be successful and reduce the synch errors we are seeing.
thanks
Bill
Hello Bill,
I don't see any good reason why the synch would fail and should work right after a short delay. We will investigate if there is enough information in the error to understand what is going on.
Best regards,
François Dubois