I found this. http://directory.fedoraproject.org/wiki/Howto:PasswordReset Still trying to get the syntax down correctly but I think this is what I am looking for.
On Fri, Aug 2, 2013 at 10:15 AM, Henry Hebert <[email protected]> wrote:

> Rob I tried the command. How do I unlock the account using the DM?
>
> [hhebertXXX@hostname ~]$ kinit hhebertXXX
> Password for [email protected]:
>
> [hhebertXXX@hostname ~]$ ipa user-unlock admin
> ipa: ERROR: Server is unwilling to perform: Entry permanently locked.
> [hhebertXXX@hostname ~]$
>
> and now my username is permanently locked.
>
> [hhebertXXX@hostname ~]$ ipa user-status hhebertXXX
> ipa: ERROR: Server is unwilling to perform: Entry permanently locked.
>
> On Thu, Aug 1, 2013 at 4:52 PM, Henry Hebert <[email protected]> wrote:
>
>> I have the DM password, how do I unlock with it? ipa user-find doesn't
>> show any user named Directory Manager?
>>
>> On Thu, Aug 1, 2013 at 4:43 PM, Henry Hebert <[email protected]> wrote:
>>
>>> My user is in the admins group however not in the "trust admins"
>>>
>>> Group name: admins
>>> Description: Account administrators group
>>> GID: 988200000
>>> Member users: admin, XXXXXXXXX, hhebertXXX
>>> Member of HBAC rule: hostname
>>>
>>> Group name: trust admins
>>> Description: Trusts administrators group
>>> Member users: admin
>>>
>>> I ran the above command to the same results.
>>>
>>> [hhebertXXX@hostname ~]$ ipa user-unlock admin
>>> ipa: ERROR: did not receive Kerberos credentials
>>>
>>> I am asking the installer about the DM password.
>>>
>>> Again thx for all your help.
>>> Henry
>>>
>>> On Thu, Aug 1, 2013 at 4:24 PM, Rob Crittenden <[email protected]> wrote:
>>>
>>>> Hebert, Henry wrote:
>>>>
>>>>> Aha! See Max failures below...
>>>>>
>>>>> [root@hostname ~]# ipa pwpolicy-show --user=admin
>>>>> Group: global_policy
>>>>> Max lifetime (days): 365
>>>>> Min lifetime (hours): 1
>>>>> History size: 1
>>>>> Character classes: 1
>>>>> Min length: 8
>>>>> Max failures: 12
>>>>> Failure reset interval: 0
>>>>> Lockout duration: 0
>>>>>
>>>>> is there a command like pam_tally2 for ipa to reset the number of
>>>>> failed logins?
>>>>
>>>> ipa user-unlock <user>
>>>>
>>>> You need to be in the admins group to execute this. The account is
>>>> permanently locked (until unlocked) because the lockout duration is 0,
>>>> meaning forever.
>>>>
>>>> If you have the DM password we can use that account to unlock admin if
>>>> you have no other users in the admins group.
>>>>
>>>> rob
>>
>> --
>>
>> Henry Hebert
>> System Administrator III
>> 454 Life Sciences
>> A Roche Company
>>
>> 15 Commercial Street
>> Branford, CT 06405
>> Phone +1 203 871 2249
>> Mobile +1 203 215 5904
>> e-mail [email protected]
>>
>> *Visit our new webpage, featuring the “454 Sequencing breakthrough
>> community webinar series” at www.454.com*
>>
>> *Confidentiality Note*
>> This message is intended only for the use of the named recipient(s) and
>> may contain confidential and/or privileged information. If you are not the
>> intended recipient, please contact the sender and delete the message. Any
>> unauthorized use of the information contained in this message is prohibited.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
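
Rob's point in the thread, that a lockout duration of 0 keeps an account locked until an administrator unlocks it, can be checked mechanically before it locks out the last admin. The following is an added example, not part of the thread and not FreeIPA code: a shell function (the names `lockout_mode` and `sample_policy` are hypothetical) that reads `ipa pwpolicy-show` output on stdin and classifies the lockout behaviour. It assumes that a Max failures value of 0 disables lockout; the sample input is the policy quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify account-lockout behaviour
# from the text that `ipa pwpolicy-show` prints. It parses stdin only and
# never contacts an IPA server.

# Constructed sample: the policy output quoted in the thread.
sample_policy() {
    cat <<'EOF'
  Group: global_policy
  Max lifetime (days): 365
  Min lifetime (hours): 1
  History size: 1
  Character classes: 1
  Min length: 8
  Max failures: 12
  Failure reset interval: 0
  Lockout duration: 0
EOF
}

# Prints one of: permanent | temporary:<duration> | disabled | unknown
lockout_mode() {
    awk -F': *' '
        { sub(/^[ \t]+/, "", $1) }     # drop the indentation before the key
        $1 == "Max failures"     { maxfail = $2 + 0; have_max = 1 }
        $1 == "Lockout duration" { dur = $2 + 0;     have_dur = 1 }
        END {
            # unknown:   one of the two fields is missing from the input
            # disabled:  assumption, Max failures 0 turns lockout off
            # permanent: per the thread, duration 0 means locked until
            #            an administrator runs ipa user-unlock
            if (!have_max || !have_dur) { print "unknown" }
            else if (maxfail == 0)      { print "disabled" }
            else if (dur == 0)          { print "permanent" }
            else                        { print "temporary:" dur }
        }'
}

mode=$(sample_policy | lockout_mode)
echo "global_policy lockout: $mode"
```

On a live server the same function can be fed directly, for example `ipa pwpolicy-show --user=admin | lockout_mode`, using the command shown in the thread.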
