patron
asked on
To set individual SSO id @VC with Password Non Expiry
It is Customer decision using SSO id which r configured as service accounts to run schedulers for monitoring and backup.
So need to set Non expiry for such ID , while default expiry for all SSO Ids is set to 90 days
Can we Set Non Expiry for perticuler ids ? as no option available in web clients
VC Version is 6.5 [vCenter Server 6.5 Update 1d 2017-12-19 7312210] @Windows Server 2012
I did found one URL and tried the same for individual id
URL is - https://www.vxav.fr/2018-05-04-set-password-of-an-sso-user-to-never-expire/
Performed it like..
./dir-cli user modify --account srv-my-user --password-never-expires
Enter password for administrator@vsphere.loca l:
Password set to never expire for [srv-my-user]
still am getting pwd expiry days left message when login to my vc with that id?
How can we verify if this is valid solution?
Can we make those ids working for schedulers but not allowing to login to vc ?
Thanks
So need to set Non expiry for such ID , while default expiry for all SSO Ids is set to 90 days
Can we Set Non Expiry for perticuler ids ? as no option available in web clients
VC Version is 6.5 [vCenter Server 6.5 Update 1d 2017-12-19 7312210] @Windows Server 2012
I did found one URL and tried the same for individual id
URL is - https://www.vxav.fr/2018-05-04-set-password-of-an-sso-user-to-never-expire/
Performed it like..
./dir-cli user modify --account srv-my-user --password-never-expires
Enter password for administrator@vsphere.loca
Password set to never expire for [srv-my-user]
still am getting pwd expiry days left message when login to my vc with that id?
How can we verify if this is valid solution?
Can we make those ids working for schedulers but not allowing to login to vc ?
Thanks
Are you facing the password expiry notification when you login with administrator@vsphere.loca l or with other sso account.. Post reading your description, i am suspecting if you are using administrator as the account here. Can you clarify a bit more. The step should work fine and which version of vc in the environment?
ASKER
no it is not administrator@vsphere.loca l but it is xyz@@vsphere.local and abc@@vsphere.local
version is mentioned in question
version is mentioned in question
I have tried to set my sso account policy to 2 days .. created an account test in sso .. using the same commands, i tried to change the setting to never expire but it still throw me the same message... I validated the user property and it shows it is set to never expire (cannot share the steps as it involves third party tools).
I am still checking why the warning is displayed. I changed my user account expiry to 1 days. I will wait for a day and share the results if I can login or not..
Thanks,
MS
I am still checking why the warning is displayed. I changed my user account expiry to 1 days. I will wait for a day and share the results if I can login or not..
Thanks,
MS
ASKER
@Murali Sripadaany Luck ..as am facing same issue for me ?
I tried setting the SSO users policy to one day. I used the same step dir-cli user modify --account srv-my-user --password-never-expires. First time I got the message but second time onwards, i did not get that error and account works fine. If it does not apply then the very next day I should get prompted for password which does not happen. Hope this helps
Thanks,
Murali
Thanks,
Murali
ASKER
I tried setting the SSO users policy to one day ? using command line how?
dir-cli user modify --account srv-my-user --password-never-expires -did used it but yet getting pwd expire notification ?
is there any service restart reqired ?
dir-cli user modify --account srv-my-user --password-never-expires -did used it but yet getting pwd expire notification ?
is there any service restart reqired ?
ASKER
dir-cli user modify --account srv-my-user --password-never-expires - where we need to run this on PSC windows Server or on VC Windows Server ?
For Testing I made the sso password policy to one day not for individual user, its under the administration - sso user and groups - password policy..
No need to restart services but I wanted you to wait until expire time for the user post which it might not show that warning. Its sso user so try on psc as my vcsa is embedded vcsa
No need to restart services but I wanted you to wait until expire time for the user post which it might not show that warning. Its sso user so try on psc as my vcsa is embedded vcsa
ASKER
did tried - not working for me
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.