Hebert, Henry wrote:
Thank you for the respons Rob.

[root@hostname ~]# ipa user-show admin
   User login: admin
   Last name: Administrator
   Home directory: /home/admin
   Login shell: /bin/bash
   UID: ####
   GID: ####
   Account disabled: False
   Password: True
   Member of groups: admins, trust admins
   Indirect Member of HBAC rule: hostname
   Kerberos keys available: True
[root@hostname ~]#
[root@hostname ~]#
[root@hostname ~]#
[root@hostname ~]# ipa user-status admin
Account disabled: False
   Server: hostname
   Failed logins: 12
   Last successful authentication: 2013-07-25T13:14:27Z
   Last failed authentication: 2013-07-26T13:12:04Z
   Time now: 2013-08-01T18:52:44Z
Number of entries returned 1

Sure seems like the password policy is preventing the login. You might try: ipa pwpolicy-show --user=admin

Do you have any other users in the admins group?

Do you know the Directory Manager password? (set during IPA install).


On Thu, Aug 1, 2013 at 2:26 PM, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:

    Hebert, Henry wrote:

        I have inherited an ipa system that has been running fantastic.
        the gui is no longer functioning.  I was wondering if this list
        has seen
        this sort of error in the past.

        hostname# kinit admin
        kinit: Clients credentials have been revoked while getting initial

    This is unrelated to the GUI. It appears that the admin account is
    disabled or locked due to too many failed logins. Using any other
    user, can you do ipa user-show admin?

    Look for:

       Account disabled: True

    If it is False then try ipa user-status admin see the number of
    failed logins.


        so i then tried

        [hostname]# cat /tmp/moz.log
        64608032[7fad03b53150]:   using REQ_DELEGATE
        64608032[7fad03b53150]:   service = hostname
        64608032[7fad03b53150]:   using negotiate-gss
        64608032[7fad03b53150]: entering nsAuthGSSAPI::nsAuthGSSAPI()
        64608032[7fad03b53150]: Attempting to load gss functions
        64608032[7fad03b53150]: entering nsAuthGSSAPI::Init()
        64608032[7fad03b53150]: nsHttpNegotiateAuth::__GenerateCredentials()
        64608032[7fad03b53150]: entering nsAuthGSSAPI::GetNextToken()
        64608032[7fad03b53150]: gss_init_sec_context() failed:
        Unspecified GSS
        failure.  Minor code may provide more information
        64608032[7fad03b53150]:   leaving nsAuthGSSAPI::GetNextToken

        Thanks in advance!


        Henry Hebert
        System Administrator III

        Freeipa-users mailing list
        Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>


Henry Hebert
System Administrator III
454 Life Sciences
A Roche Company

15 Commercial Street
Branford, CT 06405
Phone  +1 203 871 2249
Mobile  +1 203 215 5904
e-mail henry.heb...@roche.com <mailto:henry.heb...@roche.com>____

/Visit our new webpage, featuring the “454 Sequencing breakthrough
community webinar series” at www.454.com <http://www.454.com/>/____

*Confidentiality Note*
This message is intended only for the use of the named recipient(s) and
may contain confidential and/or privileged information. If you are not
the intended recipient, please contact the sender and delete the
message. Any unauthorized use of the information contained in this
message is prohibited.

Freeipa-users mailing list

Reply via email to