Sorry for self-replying, I was able to solve it by using the 2nd IPA server:
[root@ipa2 ~]# kinit admin
Password for [email protected]:
[root@ipa2 ~]# ipa user-status admin
-----------------------
Account disabled: False
-----------------------
  Server: ipa.pleiades.uni-wuppertal.de
  Failed logins: 0
  Last successful authentication: 20150903090946Z
  Last failed authentication: 20150903090808Z
  Time now: 2015-09-03T09:09:47Z

  Server: ipa2.pleiades.uni-wuppertal.de
  Failed logins: 0
  Last successful authentication: 20150903090946Z
  Last failed authentication: 20150903090851Z
  Time now: 2015-09-03T09:09:47Z
-------------------------------------
Anzahl der zurückgegebenen Einträge 2
-------------------------------------
[root@ipa2 ~]# ipa user-unlock admin
-----------------------------
Konto »admin« wurde entsperrt
-----------------------------
[root@ipa2 ~]#

and now it works again on the primary:

[root@ipa ~]# kinit admin
Password for [email protected]:
[root@ipa ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: [email protected]

Valid starting Expires Service principal
03.09.2015 11:11:07 04.09.2015 11:11:04 krbtgt/[email protected]
[root@ipa ~]#

(Sorry for the German messages, my working machine is set to German).

Is there any way to find out why the admin user was unlocked on the primary machine?

And would it be also possible to unlock the "admin" user with one of the accounts inside the "admins" group? I am a bit afraid that we will lock out ourselves next time that happens.

Thanks

Torsten

--
Dr. Torsten Harenberg [email protected]
Bergische Universitaet
FB C - Physik Tel.: +49 (0)202 439-3521
Gaussstr. 20 Fax : +49 (0)202 439-2811
42097 Wuppertal

Of course it runs NetBSD http://www.netbsd.org
