On 1 Mar 2018, at 17:50, Jochen Hein wrote:

Bret Wortman via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

# kinit admin
kint: Client's credentials have been revoked while getting initial
credentials

Then while looking at /var/log/httpd/error_log:

[date] [:error] [pid] [remote 192.168.1.50:96] Database Error: Server
is unwilling to perform: Too many failed logins.

What the? How can my admin account be getting locked?

Do you have an IPA client exposed to the internet? Drive-by test logins
often try admin and would lock you out. You should filter the users
with sssd.  Add this to your /etc/sss/sssd.conf and restart sssd:

[nss]
filter_users = root, admin

Jochen

--
This space is intentionally left blank.

I’ll try that, but this system is on a private network. It _is_ a replacement that I’m trying to set up to replace two others (see my saga with having lost our CA and being unable to retrieve it), so it’s possible that someone is somehow getting to this one instead of the others and it’s just not ready for them yet.

That said, when I used my personal account which is in the admins group, I was able to see that admin wasn’t disabled. Hmmmm.

--
Bret Wortman
The Damascus Group LLC
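
To see which hosts are producing the "Too many failed logins" entries in /var/log/httpd/error_log, the matching lines can be tallied by remote address. This is an added example, not part of the original thread; the sample log lines are constructed, and the function names `sample_log` and `lockout_sources` are hypothetical.

```shell
#!/bin/sh
# Tally which remote addresses triggered the lockout message that the
# post quotes from /var/log/httpd/error_log.

# Constructed sample lines (not from a real server), shaped like the
# entry in the post; dates, pids, addresses and ports are made up.
sample_log() {
cat <<'EOF'
[Thu Mar 01 17:01:10 2018] [:error] [pid 2101] [remote 192.0.2.10:4312] Database Error: Server is unwilling to perform: Too many failed logins.
[Thu Mar 01 17:01:12 2018] [:error] [pid 2101] [remote 192.0.2.10:4313] Database Error: Server is unwilling to perform: Too many failed logins.
[Thu Mar 01 17:02:40 2018] [:error] [pid 2102] [remote 198.51.100.7:51515] Database Error: Server is unwilling to perform: Too many failed logins.
[Thu Mar 01 17:03:05 2018] [:error] [pid 2101] [remote 192.0.2.44:9000] unrelated constructed message
[Thu Mar 01 17:04:18 2018] [:error] [pid 2103] [remote 192.0.2.10:4320] Database Error: Server is unwilling to perform: Too many failed logins.
EOF
}

# lockout_sources: read error_log text on stdin and print "count address"
# for every line carrying the lockout message, busiest source first.
# Assumes the "[remote addr:port]" field shown in the post.
lockout_sources() {
    grep -F 'Too many failed logins' |
    sed -n 's/.*\[remote \([^]]*\)\].*/\1/p' |   # keep only addr:port
    sed 's/:[0-9]*$//' |                          # drop the trailing :port
    sort | uniq -c | sort -k1,1nr -k2,2 |
    awk '{ print $1, $2 }'                        # normalise spacing
}

# With a log path as $1, tally that file; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    lockout_sources < "$1"
else
    sample_log | lockout_sources
fi
```

An address that turns out to be an enrolled client or a service with a stale admin password points to a misconfigured host rather than an outside login attempt.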