[Freeipa-users] kinit - gui
Rob Crittenden
rcritten at redhat.com
Thu Aug 1 18:59:15 UTC 2013
Hebert, Henry wrote:
> Thank you for the respons Rob.
>
>
> [root at hostname ~]# ipa user-show admin
> User login: admin
> Last name: Administrator
> Home directory: /home/admin
> Login shell: /bin/bash
> UID: ####
> GID: ####
> Account disabled: False
> Password: True
> Member of groups: admins, trust admins
> Indirect Member of HBAC rule: hostname
> Kerberos keys available: True
> [root at hostname ~]#
> [root at hostname ~]#
> [root at hostname ~]#
> [root at hostname ~]# ipa user-status admin
> -----------------------
> Account disabled: False
> -----------------------
> Server: hostname
> Failed logins: 12
> Last successful authentication: 2013-07-25T13:14:27Z
> Last failed authentication: 2013-07-26T13:12:04Z
> Time now: 2013-08-01T18:52:44Z
> ----------------------------
> Number of entries returned 1
> ----------------------------
Sure seems like the password policy is preventing the login. You might
try: ipa pwpolicy-show --user=admin
Do you have any other users in the admins group?
Do you know the Directory Manager password? (set during IPA install).
rob
>
>
>
>
>
>
> On Thu, Aug 1, 2013 at 2:26 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Hebert, Henry wrote:
>
> I have inherited an ipa system that has been running fantastic.
> However
> the gui is no longer functioning. I was wondering if this list
> has seen
> this sort of error in the past.
>
> hostname# kinit admin
> kinit: Clients credentials have been revoked while getting initial
> credentials
>
>
> This is unrelated to the GUI. It appears that the admin account is
> disabled or locked due to too many failed logins. Using any other
> user, can you do ipa user-show admin?
>
> Look for:
>
> Account disabled: True
>
> If it is False then try ipa user-status admin see the number of
> failed logins.
>
> rob
>
>
> so i then tried
> http://docs.fedoraproject.org/__en-US/Fedora/17/html/FreeIPA___Guide/using-the-ui.html#tab.__ui-troubleshooting
> <http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/using-the-ui.html#tab.ui-troubleshooting>
>
>
> [hostname]# cat /tmp/moz.log
> 64608032[7fad03b53150]: using REQ_DELEGATE
> 64608032[7fad03b53150]: service = hostname
> 64608032[7fad03b53150]: using negotiate-gss
> 64608032[7fad03b53150]: entering nsAuthGSSAPI::nsAuthGSSAPI()
> 64608032[7fad03b53150]: Attempting to load gss functions
> 64608032[7fad03b53150]: entering nsAuthGSSAPI::Init()
> 64608032[7fad03b53150]: nsHttpNegotiateAuth::__GenerateCredentials()
> [challenge=Negotiate]
> 64608032[7fad03b53150]: entering nsAuthGSSAPI::GetNextToken()
> 64608032[7fad03b53150]: gss_init_sec_context() failed:
> Unspecified GSS
> failure. Minor code may provide more information
> 64608032[7fad03b53150]: leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
>
>
> Thanks in advance!
> Henry
>
> --
>
> Henry Hebert
> System Administrator III
>
>
>
> _________________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/__mailman/listinfo/freeipa-users
> <https://www.redhat.com/mailman/listinfo/freeipa-users>
>
>
>
>
>
> --
>
> Henry Hebert
> System Administrator III
> 454 Life Sciences
> A Roche Company
>
> 15 Commercial Street
> Branford, CT 06405
> Phone +1 203 871 2249
> Mobile +1 203 215 5904
> e-mail henry.hebert at roche.com <mailto:henry.hebert at roche.com>____
>
> /Visit our new webpage, featuring the “454 Sequencing breakthrough
> community webinar series” at www.454.com <http://www.454.com/>/____
>
> *Confidentiality Note*
> This message is intended only for the use of the named recipient(s) and
> may contain confidential and/or privileged information. If you are not
> the intended recipient, please contact the sender and delete the
> message. Any unauthorized use of the information contained in this
> message is prohibited.
>
More information about the Freeipa-users
mailing list