Thank you for the response,

This started when I was trying to add a RockyLinux 8 replica to CentOS7 Master node. The replica add process failed, but after that this new issue of admin account lockout started. I did remove the bad replica, but the admin account is still getting locked.

What do you mean by ssh port close? How can I manage this server without SSH?

How do I disable locking of admin accounts? Do you have the command handy? I tried Google and there is lots of other info, but nothing password policy related.

On Fri, May 10, 2024 at 2:00 AM Yavor Marinov <ymarinov@gmail.com> wrote:

Hey Satish,

had the same issue, when initially installing and integrating FreeIPA - in my case it was an enrolled host which had its ssh port opened, which led to numerous requests for authentication for user admin.

I would suggest a couple of measures: closing ssh ports and allowing only authentication with keys, increasing lock attempts for logging in or (I personally do not use it) disabling the locking IPA wide.

On Thu, May 9, 2024 at 9:10 PM Satish Patel via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Folks,

I have noticed my admin account keeps getting locked out because of failed attempts, but I don't know from where and how. I tried to dig into the logs but didn't find any trace of an attempt.

$ ipa-replica-manage list
Re-run /usr/sbin/ipa-replica-manage with --verbose option to get more information
Unexpected error: Server is unwilling to perform: Too many failed logins.

$ ipa user-show --all admin
dn: uid=admin,cn=users,cn=accounts,dc=foo,dc=com
User login: admin
Last name: Administrator
Full name: Administrator
Home directory: /home/admin
GECOS: Administrator
Login shell: /bin/bash
Principal alias: admin@FOO.COM
UID: 1000
GID: 1000
Account disabled: False
Preserved user: False
Password: True
Member of groups: admins, trust admins, no-pwd-policy
Kerberos keys available: True
ipauniqueid: 97f5d270-d355-11e6-a809-000c29712463
krbextradata: AALmz2BfYWRtaW5AVklWT1guQ09NAA==
krblastadminunlock: 20240509172126Z
krblastpwdchange: 20200915142958Z
krblastsuccessfulauth: 20240509172620Z
krbloginfailedcount: 0
krbpwdpolicyreference: cn=no-pwd-policy,cn=FOO.COM,cn=kerberos,dc=foo,dc=com
krbticketflags: 128
objectclass: top, person, posixaccount, krbprincipalaux, krbticketpolicyaux, inetuser, ipaobject, ipasshuser, ipaSshGroupOfPubKeys

After running the following command it does unlock, but in a few minutes it gets locked again.

$ ipa user-unlock admin
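One way to look for the source of the failed admin logins described in this thread, as an added example that is not part of the original messages: it tallies failed AS_REQ entries per client address from KDC log text. The log line layout (MIT krb5kdc style), the sample lines, the addresses and the function name `failed_auth_sources` are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the MIT krb5kdc log layout (assumed format; host,
# PID and addresses are made up, the realm follows the thread's FOO.COM).
SAMPLE_LOG = """\
May 09 17:20:01 ipa1.foo.com krb5kdc[1432](info): AS_REQ (2 etypes {18 17}) 192.0.2.15: NEEDED_PREAUTH: admin@FOO.COM for krbtgt/FOO.COM@FOO.COM, Additional pre-authentication required
May 09 17:22:10 ipa1.foo.com krb5kdc[1432](info): AS_REQ (2 etypes {18 17}) 198.51.100.7: PREAUTH_FAILED: admin@FOO.COM for krbtgt/FOO.COM@FOO.COM, Preauthentication failed
May 09 17:22:11 ipa1.foo.com krb5kdc[1432](info): AS_REQ (2 etypes {18 17}) 198.51.100.7: PREAUTH_FAILED: admin@FOO.COM for krbtgt/FOO.COM@FOO.COM, Preauthentication failed
May 09 17:22:12 ipa1.foo.com krb5kdc[1432](info): AS_REQ (2 etypes {18 17}) 198.51.100.7: PREAUTH_FAILED: admin@FOO.COM for krbtgt/FOO.COM@FOO.COM, Preauthentication failed
May 09 17:22:13 ipa1.foo.com krb5kdc[1432](info): AS_REQ (2 etypes {18 17}) 198.51.100.7: LOCKED_OUT: admin@FOO.COM for krbtgt/FOO.COM@FOO.COM, Client's credentials have been revoked
May 09 17:23:00 ipa1.foo.com krb5kdc[1432](info): AS_REQ (2 etypes {18 17}) 192.0.2.30: PREAUTH_FAILED: bob@FOO.COM for krbtgt/FOO.COM@FOO.COM, Preauthentication failed
"""

# client address, status keyword and requesting principal of an AS_REQ entry
AS_REQ_RE = re.compile(
    r"AS_REQ \(.*?\) (?P<client>[0-9A-Fa-f.:]+): "
    r"(?P<status>[A-Z_]+): (?P<principal>\S+) for "
)

# NEEDED_PREAUTH is the normal first leg of a login, so it is not counted.
FAILURE_STATUSES = {"PREAUTH_FAILED", "LOCKED_OUT"}


def failed_auth_sources(log_text, principal):
    """Return {client_address: Counter({status: count})} for failed AS_REQs."""
    sources = defaultdict(Counter)
    for line in log_text.splitlines():
        m = AS_REQ_RE.search(line)
        if not m or m["principal"] != principal:
            continue
        if m["status"] in FAILURE_STATUSES:
            sources[m["client"]][m["status"]] += 1
    return dict(sources)


if __name__ == "__main__":
    hits = failed_auth_sources(SAMPLE_LOG, "admin@FOO.COM")
    for client, counts in hits.items():
        print(client, dict(counts))
```

On an IPA server the input would be the contents of the KDC log (typically /var/log/krb5kdc.log) from each replica, since each KDC logs only the requests it received.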