Hebert, Henry wrote:
Thank you for the respons Rob.


[root@hostname ~]# ipa user-show admin
   User login: admin
   Last name: Administrator
   Home directory: /home/admin
   Login shell: /bin/bash
   UID: ####
   GID: ####
   Account disabled: False
   Password: True
   Member of groups: admins, trust admins
   Indirect Member of HBAC rule: hostname
   Kerberos keys available: True
[root@hostname ~]#
[root@hostname ~]#
[root@hostname ~]#
[root@hostname ~]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
   Server: hostname
   Failed logins: 12
   Last successful authentication: 2013-07-25T13:14:27Z
   Last failed authentication: 2013-07-26T13:12:04Z
   Time now: 2013-08-01T18:52:44Z
----------------------------
Number of entries returned 1
----------------------------

Sure seems like the password policy is preventing the login. You might try: ipa pwpolicy-show --user=admin

Do you have any other users in the admins group?

Do you know the Directory Manager password? (set during IPA install).

rob







On Thu, Aug 1, 2013 at 2:26 PM, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:

    Hebert, Henry wrote:

        I have inherited an ipa system that has been running fantastic.
          However
        the gui is no longer functioning.  I was wondering if this list
        has seen
        this sort of error in the past.

        hostname# kinit admin
        kinit: Clients credentials have been revoked while getting initial
        credentials


    This is unrelated to the GUI. It appears that the admin account is
    disabled or locked due to too many failed logins. Using any other
    user, can you do ipa user-show admin?

    Look for:

       Account disabled: True

    If it is False then try ipa user-status admin see the number of
    failed logins.

    rob


        so i then tried
        
http://docs.fedoraproject.org/__en-US/Fedora/17/html/FreeIPA___Guide/using-the-ui.html#tab.__ui-troubleshooting
        
<http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/using-the-ui.html#tab.ui-troubleshooting>


        [hostname]# cat /tmp/moz.log
        64608032[7fad03b53150]:   using REQ_DELEGATE
        64608032[7fad03b53150]:   service = hostname
        64608032[7fad03b53150]:   using negotiate-gss
        64608032[7fad03b53150]: entering nsAuthGSSAPI::nsAuthGSSAPI()
        64608032[7fad03b53150]: Attempting to load gss functions
        64608032[7fad03b53150]: entering nsAuthGSSAPI::Init()
        64608032[7fad03b53150]: nsHttpNegotiateAuth::__GenerateCredentials()
        [challenge=Negotiate]
        64608032[7fad03b53150]: entering nsAuthGSSAPI::GetNextToken()
        64608032[7fad03b53150]: gss_init_sec_context() failed:
        Unspecified GSS
        failure.  Minor code may provide more information
        64608032[7fad03b53150]:   leaving nsAuthGSSAPI::GetNextToken
        [rv=80004005]


        Thanks in advance!
        Henry

        --

        Henry Hebert
        System Administrator III



        _________________________________________________
        Freeipa-users mailing list
        Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
        https://www.redhat.com/__mailman/listinfo/freeipa-users
        <https://www.redhat.com/mailman/listinfo/freeipa-users>





--

Henry Hebert
System Administrator III
454 Life Sciences
A Roche Company

15 Commercial Street
Branford, CT 06405
Phone  +1 203 871 2249
Mobile  +1 203 215 5904
e-mail henry.heb...@roche.com <mailto:henry.heb...@roche.com>____

/Visit our new webpage, featuring the “454 Sequencing breakthrough
community webinar series” at www.454.com <http://www.454.com/>/____

*Confidentiality Note*
This message is intended only for the use of the named recipient(s) and
may contain confidential and/or privileged information. If you are not
the intended recipient, please contact the sender and delete the
message. Any unauthorized use of the information contained in this
message is prohibited.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to