Hebert, Henry wrote:
Thank you for the respons Rob.
[root@hostname ~]# ipa user-show admin
User login: admin
Last name: Administrator
Home directory: /home/admin
Login shell: /bin/bash
UID: ####
GID: ####
Account disabled: False
Password: True
Member of groups: admins, trust admins
Indirect Member of HBAC rule: hostname
Kerberos keys available: True
[root@hostname ~]#
[root@hostname ~]#
[root@hostname ~]#
[root@hostname ~]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
Server: hostname
Failed logins: 12
Last successful authentication: 2013-07-25T13:14:27Z
Last failed authentication: 2013-07-26T13:12:04Z
Time now: 2013-08-01T18:52:44Z
----------------------------
Number of entries returned 1
----------------------------
Sure seems like the password policy is preventing the login. You might
try: ipa pwpolicy-show --user=admin
Do you have any other users in the admins group?
Do you know the Directory Manager password? (set during IPA install).
rob
On Thu, Aug 1, 2013 at 2:26 PM, Rob Crittenden <[email protected]
<mailto:[email protected]>> wrote:
Hebert, Henry wrote:
I have inherited an ipa system that has been running fantastic.
However
the gui is no longer functioning. I was wondering if this list
has seen
this sort of error in the past.
hostname# kinit admin
kinit: Clients credentials have been revoked while getting initial
credentials
This is unrelated to the GUI. It appears that the admin account is
disabled or locked due to too many failed logins. Using any other
user, can you do ipa user-show admin?
Look for:
Account disabled: True
If it is False then try ipa user-status admin see the number of
failed logins.
rob
so i then tried
http://docs.fedoraproject.org/__en-US/Fedora/17/html/FreeIPA___Guide/using-the-ui.html#tab.__ui-troubleshooting
<http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/using-the-ui.html#tab.ui-troubleshooting>
[hostname]# cat /tmp/moz.log
64608032[7fad03b53150]: using REQ_DELEGATE
64608032[7fad03b53150]: service = hostname
64608032[7fad03b53150]: using negotiate-gss
64608032[7fad03b53150]: entering nsAuthGSSAPI::nsAuthGSSAPI()
64608032[7fad03b53150]: Attempting to load gss functions
64608032[7fad03b53150]: entering nsAuthGSSAPI::Init()
64608032[7fad03b53150]: nsHttpNegotiateAuth::__GenerateCredentials()
[challenge=Negotiate]
64608032[7fad03b53150]: entering nsAuthGSSAPI::GetNextToken()
64608032[7fad03b53150]: gss_init_sec_context() failed:
Unspecified GSS
failure. Minor code may provide more information
64608032[7fad03b53150]: leaving nsAuthGSSAPI::GetNextToken
[rv=80004005]
Thanks in advance!
Henry
--
Henry Hebert
System Administrator III
_________________________________________________
Freeipa-users mailing list
[email protected] <mailto:[email protected]>
https://www.redhat.com/__mailman/listinfo/freeipa-users
<https://www.redhat.com/mailman/listinfo/freeipa-users>
--
Henry Hebert
System Administrator III
454 Life Sciences
A Roche Company
15 Commercial Street
Branford, CT 06405
Phone +1 203 871 2249
Mobile +1 203 215 5904
e-mail [email protected] <mailto:[email protected]>____
/Visit our new webpage, featuring the “454 Sequencing breakthrough
community webinar series” at www.454.com <http://www.454.com/>/____
*Confidentiality Note*
This message is intended only for the use of the named recipient(s) and
may contain confidential and/or privileged information. If you are not
the intended recipient, please contact the sender and delete the
message. Any unauthorized use of the information contained in this
message is prohibited.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
