[Freeipa-users] kinit - gui

Hebert, Henry henry.hebert at roche.com
Fri Aug 2 14:55:33 UTC 2013


I found this.  http://directory.fedoraproject.org/wiki/Howto:PasswordReset
Still trying to get the syntax down correctly but I think this is what I am
looking for.

On Fri, Aug 2, 2013 at 10:15 AM, Henry Hebert <henry.hebert at roche.com> wrote:

> Rob I tried the command.  How do I unlock the account using the DM?
>
> [hhebertXXX at hostname ~]$ kinit hhebertXXX
> Password for hhebertXXX at dc.COM:
>
> [hhebertXXX at hostname ~]$ ipa user-unlock admin
> ipa: ERROR: Server is unwilling to perform: Entry permanently locked.
> [hhebertXXX at hostname ~]$
>
> and now my username is permanently locked.
>
> [hhebertXXX at hostname ~]$ ipa user-status hhebertXXX
> ipa: ERROR: Server is unwilling to perform: Entry permanently locked.
>
> On Thu, Aug 1, 2013 at 4:52 PM, Henry Hebert <henry.hebert at roche.com> wrote:
>
>> I have the DM password how do I unlock with it? ipa user-find doesn't
>> show any user named Directory Manager?
>>
>> On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <henry.hebert at roche.com> wrote:
>>
>>> My user is in the admins group however not in the "trust admins"
>>>
>>> Group name: admins
>>>   Description: Account administrators group
>>>   GID: 988200000
>>>   Member users: admin, XXXXXXXXX,  hhebertXXX
>>>   Member of HBAC rule: hostname
>>>
>>>  Group name: trust admins
>>>   Description: Trusts administrators group
>>>    Member users: admin
>>>
>>> I ran the above command to the same results.
>>>
>>> [hhebertXXX at hostname ~]$ ipa user-unlock admin
>>> ipa: ERROR: did not receive Kerberos credentials
>>>
>>> I am asking the installer about the DM password.
>>>
>>> Again thx for all your help.
>>> Henry
>>>
>>> On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>>
>>>> Hebert, Henry wrote:
>>>>
>>>>> Aha!  See Max failures below...
>>>>>
>>>>> [root at hostname ~]# ipa pwpolicy-show --user=admin
>>>>>    Group: global_policy
>>>>>    Max lifetime (days): 365
>>>>>    Min lifetime (hours): 1
>>>>>    History size: 1
>>>>>    Character classes: 1
>>>>>    Min length: 8
>>>>>    Max failures: 12
>>>>>    Failure reset interval: 0
>>>>>    Lockout duration: 0
>>>>>
>>>>> is there a command like pam_tally2 for ipa to reset the number of failed
>>>>> logins?
>>>>>
>>>>
>>>> ipa user-unlock <user>
>>>>
>>>> You need to be in the admins group to execute this. The account is
>>>> permanently locked (until unlocked) because the lockout duration is 0,
>>>> meaning forever.
>>>>
>>>> If you have the DM password we can use that account to unlock admin if
>>>> you have no other users in the admins group.
>>>>
>>>> rob
>>>>
>>>
>>>
>>
>>
>> --
>>
>> Henry Hebert
>> System Administrator III
>> 454 Life Sciences
>> A Roche Company
>>
>> 15 Commercial Street
>> Branford, CT 06405
>> Phone  +1 203 871 2249
>> Mobile  +1 203 215 5904
>> e-mail  henry.hebert at roche.com
>>
>> *Visit our new webpage, featuring the “454 Sequencing breakthrough
>> community webinar series” at www.454.com*
>>
>> *Confidentiality Note*
>> This message is intended only for the use of the named recipient(s) and
>> may contain confidential and/or privileged information. If you are not the
>> intended recipient, please contact the sender and delete the message. Any
>> unauthorized use of the information contained in this message is prohibited.
>>



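An added example, not part of the original thread and not FreeIPA's own code: a Python check that parses `ipa pwpolicy-show` output in the format quoted above and flags the condition Rob describes, a lockout duration of 0 combined with a failure limit. The function names are hypothetical, the sample text is the output quoted in the thread, and treating a Max failures value of 0 as "lockout not enforced" is an assumption.

```python
import re

# Sample input: the `ipa pwpolicy-show --user=admin` output quoted in the thread.
SAMPLE_OUTPUT = """\
  Group: global_policy
  Max lifetime (days): 365
  Min lifetime (hours): 1
  History size: 1
  Character classes: 1
  Min length: 8
  Max failures: 12
  Failure reset interval: 0
  Lockout duration: 0
"""


def parse_pwpolicy(text):
    """Turn 'Label: value' lines into a dict; all-digit values become ints."""
    policy = {}
    for line in text.splitlines():
        match = re.match(r"^\s*([^:]+):\s*(.*?)\s*$", line)
        if not match:
            continue  # skip blank lines and anything that is not 'Label: value'
        label, value = match.group(1).strip(), match.group(2)
        policy[label] = int(value) if value.isdigit() else value
    return policy


def lockout_findings(policy):
    """Return a list of findings about the lockout settings of one policy."""
    max_fail = policy.get("Max failures")
    duration = policy.get("Lockout duration")
    if not isinstance(max_fail, int) or not isinstance(duration, int):
        return ["lockout fields missing; policy could not be assessed"]
    findings = []
    # Assumption: Max failures of 0 means lockout is not enforced at all.
    if max_fail > 0 and duration == 0:
        findings.append(
            f"permanent lockout: after {max_fail} failed logins the account "
            "stays locked until an administrator runs 'ipa user-unlock'"
        )
    return findings


if __name__ == "__main__":
    for finding in lockout_findings(parse_pwpolicy(SAMPLE_OUTPUT)):
        print(finding)
```

Running the check against every policy group before an account locks shows whether the admin account depends on a second member of the admins group, or on the Directory Manager, to be unlocked.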