My user is in the admins group however not in the "trust admins" Group name: admins Description: Account administrators group GID: 988200000 Member users: admin, XXXXXXXXX, hhebertXXX Member of HBAC rule: hostname
Group name: trust admins Description: Trusts administrators group Member users: admin I ran the above command to the same results. [hhebertXXX@hostname ~]$ ipa user-unlock admin ipa: ERROR: did not receive Kerberos credentials I am asking the installer about the DM password. Again thx for all your help. Henry On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <[email protected]> wrote: > Hebert, Henry wrote: > >> Aha! See Max failures below... >> >> [root@hostname ~]# ipa pwpolicy-show --user=admin >> Group: global_policy >> Max lifetime (days): 365 >> Min lifetime (hours): 1 >> History size: 1 >> Character classes: 1 >> Min length: 8 >> Max failures: 12 >> Failure reset interval: 0 >> Lockout duration: 0 >> >> is there a command like pam_tally2 for ipa to reset the number of failed >> logins? >> > > ipa user-unlock <user> > > You need to be in the admins group to execute this. The account is > permanently lock (until unlocked) because the lockout duration is 0, > meaning forever. > > If you have the DM password we can use that account to unlock admin if you > have no other users in the admins group. > > rob >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
