[Freeipa-users] kinit - gui
Hebert, Henry
henry.hebert at roche.com
Thu Aug 1 20:52:28 UTC 2013
I have the DM password how do i unlock with it? ipa user-find doesn't show
any user named Directory Manager?
On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <henry.hebert at roche.com> wrote:
> My user is in the admins group however not in the "trust admins"
>
> Group name: admins
> Description: Account administrators group
> GID: 988200000
> Member users: admin, XXXXXXXXX, hhebertXXX
> Member of HBAC rule: hostname
>
> Group name: trust admins
> Description: Trusts administrators group
> Member users: admin
>
> I ran the above command to the same results.
>
> [hhebertXXX at hostname ~]$ ipa user-unlock admin
> ipa: ERROR: did not receive Kerberos credentials
>
> I am asking the installer about the DM password.
>
> Again thx for all your help.
> Henry
>
>
>
> On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcritten at redhat.com>wrote:
>
>> Hebert, Henry wrote:
>>
>>> Aha! See Max failures below...
>>>
>>> [root at hostname ~]# ipa pwpolicy-show --user=admin
>>> Group: global_policy
>>> Max lifetime (days): 365
>>> Min lifetime (hours): 1
>>> History size: 1
>>> Character classes: 1
>>> Min length: 8
>>> Max failures: 12
>>> Failure reset interval: 0
>>> Lockout duration: 0
>>>
>>> is there a command like pam_tally2 for ipa to reset the number of failed
>>> logins?
>>>
>>
>> ipa user-unlock <user>
>>
>> You need to be in the admins group to execute this. The account is
>> permanently lock (until unlocked) because the lockout duration is 0,
>> meaning forever.
>>
>> If you have the DM password we can use that account to unlock admin if
>> you have no other users in the admins group.
>>
>> rob
>>
>
>
--
Henry Hebert
System Administrator III
454 Life Sciences
A Roche Company
15 Commercial Street
Branford, CT 06405
Phone +1 203 871 2249
Mobile +1 203 215 5904
e-mail henry.hebert at roche.com****
*Visit our new webpage, featuring the “454 Sequencing breakthrough
community webinar series” at www.454.com*****
*Confidentiality Note*
This message is intended only for the use of the named recipient(s) and may
contain confidential and/or privileged information. If you are not the
intended recipient, please contact the sender and delete the message. Any
unauthorized use of the information contained in this message is prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130801/3669f2b6/attachment.htm>
More information about the Freeipa-users
mailing list