I have the DM password how do i unlock with it? ipa user-find doesn't show any user named Directory Manager?
On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <henry.heb...@roche.com> wrote: > My user is in the admins group however not in the "trust admins" > > Group name: admins > Description: Account administrators group > GID: 988200000 > Member users: admin, XXXXXXXXX, hhebertXXX > Member of HBAC rule: hostname > > Group name: trust admins > Description: Trusts administrators group > Member users: admin > > I ran the above command to the same results. > > [hhebertXXX@hostname ~]$ ipa user-unlock admin > ipa: ERROR: did not receive Kerberos credentials > > I am asking the installer about the DM password. > > Again thx for all your help. > Henry > > > > On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcrit...@redhat.com>wrote: > >> Hebert, Henry wrote: >> >>> Aha! See Max failures below... >>> >>> [root@hostname ~]# ipa pwpolicy-show --user=admin >>> Group: global_policy >>> Max lifetime (days): 365 >>> Min lifetime (hours): 1 >>> History size: 1 >>> Character classes: 1 >>> Min length: 8 >>> Max failures: 12 >>> Failure reset interval: 0 >>> Lockout duration: 0 >>> >>> is there a command like pam_tally2 for ipa to reset the number of failed >>> logins? >>> >> >> ipa user-unlock <user> >> >> You need to be in the admins group to execute this. The account is >> permanently lock (until unlocked) because the lockout duration is 0, >> meaning forever. >> >> If you have the DM password we can use that account to unlock admin if >> you have no other users in the admins group. >> >> rob >> > > -- Henry Hebert System Administrator III 454 Life Sciences A Roche Company 15 Commercial Street Branford, CT 06405 Phone +1 203 871 2249 Mobile +1 203 215 5904 e-mail henry.heb...@roche.com**** *Visit our new webpage, featuring the “454 Sequencing breakthrough community webinar series” at www.454.com***** *Confidentiality Note* This message is intended only for the use of the named recipient(s) and may contain confidential and/or privileged information. If you are not the intended recipient, please contact the sender and delete the message. Any unauthorized use of the information contained in this message is prohibited.
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users