Sorry for self-replying, I was able to solve it by using the 2nd IPA server:

[root@ipa2 ~]# kinit admin
Password for ad...@pleiades.uni-wuppertal.de:
[root@ipa2 ~]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
  Server: ipa.pleiades.uni-wuppertal.de
  Failed logins: 0
  Last successful authentication: 20150903090946Z
  Last failed authentication: 20150903090808Z
  Time now: 2015-09-03T09:09:47Z

  Server: ipa2.pleiades.uni-wuppertal.de
  Failed logins: 0
  Last successful authentication: 20150903090946Z
  Last failed authentication: 20150903090851Z
  Time now: 2015-09-03T09:09:47Z
-------------------------------------
Anzahl der zurückgegebenen Einträge 2
-------------------------------------
[root@ipa2 ~]# ipa user-unlock admin
-----------------------------
Konto »admin« wurde entsperrt
-----------------------------
[root@ipa2 ~]#


and now it works again on the primary:

[root@ipa ~]# kinit  admin
Password for ad...@pleiades.uni-wuppertal.de:
[root@ipa ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: ad...@pleiades.uni-wuppertal.de

Valid starting       Expires              Service principal
03.09.2015 11:11:07  04.09.2015 11:11:04
krbtgt/pleiades.uni-wuppertal...@pleiades.uni-wuppertal.de
[root@ipa ~]#


(Sorry for the german messages, my working machine is set to german).


Is there any to find out why the admin user was unlocked on the primary
machine? And would it be also possible to unlock the "admin" user with
one of the accounts inside the "admins" group? I am a bit afraid that we
will lock out ourselves next time that happens.

Thanks

 Torsten



-- 
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<>                                                              <>
<> Dr. Torsten Harenberg     harenb...@physik.uni-wuppertal.de  <>
<> Bergische Universitaet                                       <>
<> FB C - Physik             Tel.: +49 (0)202 439-3521          <>
<> Gaussstr. 20              Fax : +49 (0)202 439-2811          <>
<> 42097 Wuppertal                                              <>
<>                                                              <>
<><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to