My user is in the admins group however not in the "trust admins"

Group name: admins
  Description: Account administrators group
  GID: 988200000
  Member users: admin, XXXXXXXXX,  hhebertXXX
  Member of HBAC rule: hostname

 Group name: trust admins
  Description: Trusts administrators group
  Member users: admin

I ran the above command to the same results.

[hhebertXXX@hostname ~]$ ipa user-unlock admin
ipa: ERROR: did not receive Kerberos credentials

I am asking the installer about the DM password.

Again thx for all your help.
Henry



On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Hebert, Henry wrote:
>
>> Aha!  See Max failures below...
>>
>> [root@hostname ~]# ipa pwpolicy-show --user=admin
>>    Group: global_policy
>>    Max lifetime (days): 365
>>    Min lifetime (hours): 1
>>    History size: 1
>>    Character classes: 1
>>    Min length: 8
>>    Max failures: 12
>>    Failure reset interval: 0
>>    Lockout duration: 0
>>
>> is there a command like pam_tally2 for ipa to reset the number of failed
>> logins?
>>
>
> ipa user-unlock <user>
>
> You need to be in the admins group to execute this. The account is
> permanently lock (until unlocked) because the lockout duration is 0,
> meaning forever.
>
> If you have the DM password we can use that account to unlock admin if you
> have no other users in the admins group.
>
> rob
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to