cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
bkarol2025
Cadet
Cadet
yesterday
  • 41 Views

Lab grader reports FAIL – Verifying default password expiration of users on serverb

Environment:
RHEL training lab (Red Hat Training Portal)
Hosts: workstation (student) and serverb (target)
Grader command: lab grade users-review

Issue:
The grader consistently fails on: “Verifying default password expiration of users on serverb – The default password expiration of the users is not specified.” All other checks pass.

Business impact:
Blocks completion of the lab and confirmation of password-aging compliance on serverb.

Steps to reproduce:

  1. Defaults in /etc/login.defs:
    PASS_MAX_DAYS 30
    PASS_MIN_DAYS 0
    PASS_MIN_LEN 8
    PASS_WARN_AGE 7

  2. Existing users configured:
    chage -m 0 -M 30 -W 7 consultant1
    chage -m 0 -M 15 -W 7 consultant2 (lab exception)
    chage -m 0 -M 30 -W 7 consultant3
    chage -E "$(date -d '+90 days' +%F)" consultant1
    chage -E "$(date -d '+90 days' +%F)" consultant2
    chage -E "$(date -d '+90 days' +%F)" consultant3
    chage -d 0 consultant1
    chage -d 0 consultant2
    chage -d 0 consultant3

  3. Other login accounts aligned (examples):
    chage -m 0 -M 30 -W 7 student
    chage -m 0 -M 30 -W 7 devops
    chage -m 0 -M 30 -W 7 cloud-user
    chage -m 0 -M 30 -W 7 default_user
    chage -m 0 -M 30 -W 7 defcheck
    chage -m 0 -M 30 -W 7 defcheck3

  4. Login-shell accounts verified from /etc/passwd:
    root, student, devops, cloud-user, default_user, defcheck, defcheck3, consultant1, consultant2, consultant3
    Each shows via “chage -l ”: Minimum 0, Maximum 30 (15 for consultant2), Warning 7.

  5. Default inheritance verified with a new user:
    useradd tmpcheck
    chage -l tmpcheck shows “Maximum … : 30”
    userdel -r tmpcheck

  6. Running “lab grade users-review” still fails on the default password expiration check.

Troubleshooting performed:

  • Ensured no duplicate or commented conflicting lines in /etc/login.defs. Normalized values to 30/0/8/7.

  • Audited /etc/shadow for field 5 empty, -1, or 99999 and remediated any login users.

  • Tested with root at M=99999 and at M=30 (with -d today to avoid forced change). The specific FAIL persists either way.

Expected result:
With defaults set to 30/0/8/7, all login users aligned (0/30/7, consultant2 at 15), and a new user inheriting 30, the grader should pass the default password expiration check.

Actual result:
FAIL – Verifying default password expiration of users on serverb – The default password expiration of the users is not specified.

Request:

  • Please confirm the grader’s exact evaluation logic for this check (defaults vs per-user settings, which accounts are evaluated).

  • Advise any additional configuration required to satisfy the grader in this lab.8ba51056-7d52-459c-bd92-4741c57fe6fc.jpg

 

Labels (1)
Labels
0 Kudos
Join the discussion
1 Reply
shashi01
Moderator
Moderator
59m ago
  • 12 Views

 @bkarol2025, please check this link: https://learn.redhat.com/t5/RH124-Red-Hat-System/Error-on-Lab-Manage-Local-Users-and-Groups/m-p/5483.... It should help resolve your issue and allow you to proceed without further blocking.

0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2025 Red Hat, Inc. Privacy policy Terms of use