Hi,
First, you can check which password policy settings are applied to your admin user:
# kinit admin
# ipa pwpolicy-show --user admin
Group: global_policy
Max lifetime (days): 90
Min lifetime (hours): 1
History size: 0
Character classes: 0
Min length: 8
Max failures: 6
Failure reset interval: 60
Lockout duration: 600
Max repeat: 5
Grace login limit: -1
In the above example, the user can get locked after 6 authentication failures. You can use the command "ipa user-status admin" to check how many failed logins happened.
If the admin account gets locked because of failed logins, you need to find if those are malicious attempts. Try to identify from which machine the attempts are issued (from /var/log/krb5kdc.log), etc...
flo