I have the DM password how do i unlock with it? ipa user-find doesn't show
any user named Directory Manager?


On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <henry.heb...@roche.com> wrote:

> My user is in the admins group however not in the "trust admins"
>
> Group name: admins
>   Description: Account administrators group
>   GID: 988200000
>   Member users: admin, XXXXXXXXX,  hhebertXXX
>   Member of HBAC rule: hostname
>
>  Group name: trust admins
>   Description: Trusts administrators group
>    Member users: admin
>
> I ran the above command to the same results.
>
> [hhebertXXX@hostname ~]$ ipa user-unlock admin
> ipa: ERROR: did not receive Kerberos credentials
>
> I am asking the installer about the DM password.
>
> Again thx for all your help.
> Henry
>
>
>
> On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcrit...@redhat.com>wrote:
>
>> Hebert, Henry wrote:
>>
>>> Aha!  See Max failures below...
>>>
>>> [root@hostname ~]# ipa pwpolicy-show --user=admin
>>>    Group: global_policy
>>>    Max lifetime (days): 365
>>>    Min lifetime (hours): 1
>>>    History size: 1
>>>    Character classes: 1
>>>    Min length: 8
>>>    Max failures: 12
>>>    Failure reset interval: 0
>>>    Lockout duration: 0
>>>
>>> is there a command like pam_tally2 for ipa to reset the number of failed
>>> logins?
>>>
>>
>> ipa user-unlock <user>
>>
>> You need to be in the admins group to execute this. The account is
>> permanently lock (until unlocked) because the lockout duration is 0,
>> meaning forever.
>>
>> If you have the DM password we can use that account to unlock admin if
>> you have no other users in the admins group.
>>
>> rob
>>
>
>


-- 

Henry Hebert
System Administrator III
454 Life Sciences
A Roche Company

15 Commercial Street
Branford, CT 06405
Phone  +1 203 871 2249
Mobile  +1 203 215 5904
e-mail  henry.heb...@roche.com****

*Visit our new webpage, featuring the “454 Sequencing breakthrough
community webinar series” at www.454.com*****

*Confidentiality Note*
This message is intended only for the use of the named recipient(s) and may
contain confidential and/or privileged information. If you are not the
intended recipient, please contact the sender and delete the message. Any
unauthorized use of the information contained in this message is prohibited.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to