[Freeipa-users] kinit - gui

Hebert, Henry henry.hebert at roche.com
Thu Aug 1 20:52:28 UTC 2013


I have the DM password. How do I unlock with it? ipa user-find doesn't show
any user named Directory Manager?


On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <henry.hebert at roche.com> wrote:

> My user is in the admins group however not in the "trust admins"
>
> Group name: admins
>   Description: Account administrators group
>   GID: 988200000
>   Member users: admin, XXXXXXXXX,  hhebertXXX
>   Member of HBAC rule: hostname
>
>  Group name: trust admins
>   Description: Trusts administrators group
>    Member users: admin
>
> I ran the above command to the same results.
>
> [hhebertXXX at hostname ~]$ ipa user-unlock admin
> ipa: ERROR: did not receive Kerberos credentials
>
> I am asking the installer about the DM password.
>
> Again thx for all your help.
> Henry
>
>
>
> On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
>> Hebert, Henry wrote:
>>
>>> Aha!  See Max failures below...
>>>
>>> [root at hostname ~]# ipa pwpolicy-show --user=admin
>>>    Group: global_policy
>>>    Max lifetime (days): 365
>>>    Min lifetime (hours): 1
>>>    History size: 1
>>>    Character classes: 1
>>>    Min length: 8
>>>    Max failures: 12
>>>    Failure reset interval: 0
>>>    Lockout duration: 0
>>>
>>> is there a command like pam_tally2 for ipa to reset the number of failed
>>> logins?
>>>
>>
>> ipa user-unlock <user>
>>
>> You need to be in the admins group to execute this. The account is
>> permanently locked (until unlocked) because the lockout duration is 0,
>> meaning forever.
>>
>> If you have the DM password we can use that account to unlock admin if
>> you have no other users in the admins group.
>>
>> rob
>>
>
>


-- 

Henry Hebert
System Administrator III
454 Life Sciences
A Roche Company

15 Commercial Street
Branford, CT 06405
Phone  +1 203 871 2249
Mobile  +1 203 215 5904
e-mail  henry.hebert at roche.com

Visit our new webpage, featuring the “454 Sequencing breakthrough
community webinar series” at www.454.com

*Confidentiality Note*
This message is intended only for the use of the named recipient(s) and may
contain confidential and/or privileged information. If you are not the
intended recipient, please contact the sender and delete the message. Any
unauthorized use of the information contained in this message is prohibited.
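
Added example, not part of the original message or of FreeIPA's own code: a small Python audit of `ipa pwpolicy-show` output that flags the condition Rob describes, where a lockout duration of 0 keeps an account locked until an administrator unlocks it. The tag names are hypothetical, and reading `Max failures: 0` as "lockout disabled" and `Failure reset interval: 0` as "counter never resets" is an assumption about FreeIPA semantics that the thread does not state.

```python
import re

# Constructed sample: the `ipa pwpolicy-show --user=admin` output quoted in the thread.
SAMPLE = """\
  Group: global_policy
  Max lifetime (days): 365
  Min lifetime (hours): 1
  History size: 1
  Character classes: 1
  Min length: 8
  Max failures: 12
  Failure reset interval: 0
  Lockout duration: 0
"""


def parse_pwpolicy(text):
    """Turn 'Key: value' lines into a dict; purely numeric values become int."""
    policy = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*\S)\s*$", line)
        if not m:
            continue  # skip blank lines and anything that is not 'Key: value'
        key, val = m.group(1).strip(), m.group(2)
        policy[key] = int(val) if val.isdigit() else val
    return policy


def lockout_findings(policy):
    """Return hypothetical tags describing how this policy locks accounts."""
    max_fail = policy.get("Max failures", 0)
    if max_fail == 0:
        return ["LOCKOUT_DISABLED"]  # assumption: 0 failures means no lockout
    findings = []
    if policy.get("Lockout duration") == 0:
        # Stated in the thread: duration 0 means locked until `ipa user-unlock`.
        findings.append("PERMANENT_LOCKOUT")
    else:
        findings.append("TEMPORARY_LOCKOUT")
    if policy.get("Failure reset interval") == 0:
        findings.append("COUNTER_NEVER_RESETS")  # assumption, see lead-in
    return findings


if __name__ == "__main__":
    pol = parse_pwpolicy(SAMPLE)
    print(pol["Group"], pol["Max failures"], lockout_findings(pol))
```

A policy tagged `PERMANENT_LOCKOUT` that also covers the only member of the admins group is the situation in this thread: enough failed logins leave no account able to run `ipa user-unlock`.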