On ti, 03 heinä 2018, skrawczenko--- via FreeIPA-users wrote:
Somehow, the admin account is permanently locked
just a simple reproduction
sh-4.2# kinit admin kinit: Client's credentials have been revoked while getting initial credentials
sh-4.2# kdestroy -A
sh-4.2# kinit <another admin> Password for <another admin>@bla-bla
sh-4.2# ipa user-unlock admin
Unlocked account "admin"
sh-4.2# kdestroy -A
sh-4.2# kinit admin Password for admin@bla-bla
sh-4.2# kdestroy -A
sh-4.2# kinit admin kinit: Client's credentials have been revoked while getting initial credentials
And this is apparently related to the previous issue which still persists https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Nothing suspicious in the logs or i'm looking at wrong logs.
Any ideas please assist, thanks.
You need to look at /var/log/krb5kdc.log on each master.