OK. I Think I've got this licked. I had to manually activate the account
on both the Active Directory and the FreeIPA server. I think what was
happening was this:
1. Admin activates the account on IPA server (moves cn=inactivated to
cn-activated)
2. IPA server schedules windows sync
3. IPA server reads windows status disabled
4. IPA disables FreeIPA account
5. IPA server updates AD account to enable
6. IPA server schedules 2nd windows sync
7. IPA server updates AD account to disable
I don't know why this account is encountering this issue. It just
started flipping disabled at about 2:00 am today.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
