It is never synced across masters, Check this on all servers. ipa user-show --all --raw <user> | grep krbLastSuccessfulAuth

On Fri, Aug 16, 2019 at 3:12 PM Boyd Ako via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> wrote: Is there any way to check when a user has last logged into any of the systems? I've tried `ipa user-show`, but the "Last Successful Authentication" is N/A. _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... -- Thanks & Regards Arpit Tolani _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...

Hey guys ! And if we want to do that for all the users ? Is it better to use an ipa user-find --sizelimit=2000 --all with a grep of is there another solution more appropriate ?

Thank you in advance for your help. Best regards. Lune. Le ven. 16 août 2019 à 14:14, Rob Crittenden via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> a écrit : Arpit Tolani via FreeIPA-users wrote: > It is never synced across masters, Check this on all servers. > > ipa user-show --all --raw <user> | grep krbLastSuccessfulAuth ipa user-status <user> will do this. rob > > > > On Fri, Aug 16, 2019 at 3:12 PM Boyd Ako via FreeIPA-users > <freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> wrote: > >     Is there any way to check when a user has last logged into any of >     the systems? I've tried `ipa user-show`, but the "Last Successful >     Authentication" is N/A. >     _______________________________________________ >     FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> >     To unsubscribe send an email to > freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> >     <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> >     Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >     List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >     List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... > > > > -- > Thanks & Regards > Arpit Tolani > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... > _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...

It can be pretty intensive, for the master, you mean ?

I would like to avoid that but I am very interested to determine the users who are inactive. Ipa user find needs to be performed on each master I have ?

Best regards. Lune. Le mar. 20 août 2019 à 20:44, Rob Crittenden <rcritten(a)redhat.com <mailto:rcritten@redhat.com>> a écrit : lune voo via FreeIPA-users wrote: > Hey guys ! > > And if we want to do that for all the users ? > > Is it better to use an ipa user-find --sizelimit=2000 --all with a grep > of is there another solution more appropriate ? It's not really the same thing. user-status polls each IPA Master to determine the lockout status which also conveniently for you includes the last successful and failed login attempts. user-find won't do this. You could use user-find to find all the login names and then iterate a user-status on them but be aware that this could be pretty intensive. rob > > Thank you in advance for your help. > > Best regards. > > Lune. > > Le ven. 16 août 2019 à 14:14, Rob Crittenden via FreeIPA-users > <freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> a écrit : > >     Arpit Tolani via FreeIPA-users wrote: >      > It is never synced across masters, Check this on all servers. >      > >      > ipa user-show --all --raw <user> | grep krbLastSuccessfulAuth > >     ipa user-status <user> will do this. > >     rob > >      > >      > >      > >      > On Fri, Aug 16, 2019 at 3:12 PM Boyd Ako via FreeIPA-users >      > <freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> >      > <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>>> wrote: >      > >      >     Is there any way to check when a user has last logged into any of >      >     the systems? I've tried `ipa user-show`, but the "Last Successful >      >     Authentication" is N/A. >      >     _______________________________________________ >      >     FreeIPA-users mailing list -- >     freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> >      >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>>> >      >     To unsubscribe send an email to >      > freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> >     <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> >      >     <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> >     <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>>> >      >     Fedora Code of Conduct: >      > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >      >     List Guidelines: >     https://fedoraproject.org/wiki/Mailing_list_guidelines >      >     List Archives: >      > >     https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >      > >      > >      > >      > -- >      > Thanks & Regards >      > Arpit Tolani >      > >      > >      > >      > _______________________________________________ >      > FreeIPA-users mailing list -- >     freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> >      > To unsubscribe send an email to >     freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> >     <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> >      > Fedora Code of Conduct: >     https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >      > List Guidelines: >     https://fedoraproject.org/wiki/Mailing_list_guidelines >      > List Archives: >     https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >      > >     _______________________________________________ >     FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> >     <mailto:freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org>> >     To unsubscribe send an email to >     freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> >     <mailto:freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org>> >     Fedora Code of Conduct: >     https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >     List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >     List Archives: >     https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... >