Rob,

I tried the command. How do I unlock the account using the DM?

[hhebertXXX@hostname ~]$ kinit hhebertXXX
Password for hhebert...@dc.com:
[hhebertXXX@hostname ~]$ ipa user-unlock admin
ipa: ERROR: Server is unwilling to perform: Entry permanently locked.
[hhebertXXX@hostname ~]$

and now my username is permanently locked.

[hhebertXXX@hostname ~]$ ipa user-status hhebertXXX
ipa: ERROR: Server is unwilling to perform: Entry permanently locked.

On Thu, Aug 1, 2013 at 4:52 PM, Henry Hebert <henry.heb...@roche.com> wrote:

> I have the DM password. How do I unlock with it? ipa user-find doesn't show
> any user named Directory Manager?
>
> On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <henry.heb...@roche.com> wrote:
>
>> My user is in the admins group however not in the "trust admins"
>>
>> Group name: admins
>> Description: Account administrators group
>> GID: 988200000
>> Member users: admin, XXXXXXXXX, hhebertXXX
>> Member of HBAC rule: hostname
>>
>> Group name: trust admins
>> Description: Trusts administrators group
>> Member users: admin
>>
>> I ran the above command to the same results.
>>
>> [hhebertXXX@hostname ~]$ ipa user-unlock admin
>> ipa: ERROR: did not receive Kerberos credentials
>>
>> I am asking the installer about the DM password.
>>
>> Again thx for all your help.
>> Henry
>>
>> On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
>>
>>> Hebert, Henry wrote:
>>>
>>>> Aha! See Max failures below...
>>>>
>>>> [root@hostname ~]# ipa pwpolicy-show --user=admin
>>>> Group: global_policy
>>>> Max lifetime (days): 365
>>>> Min lifetime (hours): 1
>>>> History size: 1
>>>> Character classes: 1
>>>> Min length: 8
>>>> Max failures: 12
>>>> Failure reset interval: 0
>>>> Lockout duration: 0
>>>>
>>>> Is there a command like pam_tally2 for ipa to reset the number of failed
>>>> logins?
>>>
>>> ipa user-unlock <user>
>>>
>>> You need to be in the admins group to execute this. The account is
>>> permanently locked (until unlocked) because the lockout duration is 0,
>>> meaning forever.
>>>
>>> If you have the DM password we can use that account to unlock admin if
>>> you have no other users in the admins group.
>>>
>>> rob
>
> --
>
> Henry Hebert
> System Administrator III
> 454 Life Sciences
> A Roche Company
>
> 15 Commercial Street
> Branford, CT 06405
> Phone +1 203 871 2249
> Mobile +1 203 215 5904
> e-mail henry.heb...@roche.com
>
> Visit our new webpage, featuring the “454 Sequencing breakthrough
> community webinar series” at www.454.com
>
> Confidentiality Note
> This message is intended only for the use of the named recipient(s) and
> may contain confidential and/or privileged information. If you are not the
> intended recipient, please contact the sender and delete the message. Any
> unauthorized use of the information contained in this message is prohibited.

--
Henry Hebert
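
An added example, not part of the thread and not FreeIPA code: a Python check over the `ipa pwpolicy-show` and admins group output quoted above that decides whether a lockout is permanent and which admins member can still run `ipa user-unlock`. The function names and the set of locked users passed in are assumptions for illustration.

```python
import re

# Constructed input: trimmed from the command output quoted in the thread.
PWPOLICY = """\
  Group: global_policy
  Max failures: 12
  Failure reset interval: 0
  Lockout duration: 0
"""
ADMINS = """\
  Group name: admins
  Member users: admin, XXXXXXXXX, hhebertXXX
"""


def parse_fields(text):
    """Parse the 'Label: value' lines of ipa CLI output into a dict of strings."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def lock_is_permanent(policy):
    """Per the thread: a lockout duration of 0 means locked until unlocked."""
    return int(policy["Lockout duration"]) == 0


def recovery_plan(policy, admins, locked):
    """Report who can still run `ipa user-unlock` given the locked accounts."""
    if not lock_is_permanent(policy):
        return "wait: lock expires after the lockout duration (%s)" % (
            policy["Lockout duration"])
    members = [u.strip() for u in admins["Member users"].split(",")]
    usable = [u for u in members if u not in locked]
    if usable:
        return "unlock as: " + ", ".join(usable)
    # Every admins member is locked, the situation the thread ends in.
    return "no unlocked admins member: Directory Manager needed"


if __name__ == "__main__":
    policy, admins = parse_fields(PWPOLICY), parse_fields(ADMINS)
    print(recovery_plan(policy, admins, {"admin", "hhebertXXX"}))
```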