With FreeIPA 4.12.2-14.fc42 (and likely before), I have two hosts created in February 2025 that trigger the following:

    ns-slapd: ALERT - ipalockout_postop - User fqdn=ws1.example.com,cn=computers,cn=accounts,dc=example,dc=com is locked out. Too many failed authentication attempts.

They were enrolled using OTP just like my other hosts in the past have been. They are the only two hosts in my dual-master FreeIPA setup with multiple hosts that show krbLastFailedAuth and krbLoginFailedCount:

    ~]# ipa host-show ws1 --all --raw
    ...
    has_password: FALSE
    has_keytab: TRUE
    krbLastFailedAuth: 20250217182326Z
    krbLastPwdChange: 20250216234605Z
    krbLoginFailedCount: 0

How do they get this way and is there a way to "unlock" these hosts? Thanks.

--
Anthony - https://messinet.com

FreeIPA-users mailing list
