Hi,

Thanks a lot Florence, I was able to locate the issue - it seems some resources were previously enrolled to the previously installed version of FreeIPA and were trying to authenticate using an old keytab and locking the admin user.

On Tue, Apr 25, 2023 at 1:24 PM Florence Blanc-Renaud <flo@redhat.com> wrote:
Hi,

First, you can check which password policy settings are applied to your admin user:
# kinit admin
# ipa pwpolicy-show --user admin
  Group: global_policy
  Max lifetime (days): 90
  Min lifetime (hours): 1
  History size: 0
  Character classes: 0
  Min length: 8
  Max failures: 6
  Failure reset interval: 60
  Lockout duration: 600
  Max repeat: 5
  Grace login limit: -1

In the above example, the user can get locked after 6 authentication failures. You can use the command "ipa user-status admin" to check how many failed logins happened.
If the admin account gets locked because of failed logins, you need to find if those are malicious attempts. Try to identify from which machine the attempts are issued (from /var/log/krb5kdc.log), etc...

flo
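The check Florence describes (count the failed attempts for admin and find the machines they come from in /var/log/krb5kdc.log) can be scripted. The following is an added example, not code from FreeIPA or from anyone in this thread. It assumes the MIT Kerberos AS_REQ line layout shown in the constructed sample lines, the policy values from the pwpolicy-show output above (Max failures 6, Failure reset interval 60 seconds), and FreeIPA's counter model in which the failure count resets once the reset interval has passed since the last failure. Hostnames, addresses and realm in the sample are invented.

```python
"""Count PREAUTH_FAILED events per source address for one principal and flag
the sources that, on their own, would trip the lockout policy.

Added example; not FreeIPA code. Assumes the krb5kdc.log line layout used in
the constructed SAMPLE_LOG below (syslog timestamp without year, then
"<client ip>: <STATUS>: <principal> for <service>, <message>").
"""
import re
from collections import defaultdict
from datetime import datetime

# One AS_REQ log line: timestamp, host, process, etype list, client ip, status, rest.
AS_REQ_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ krb5kdc\[\d+\]\(info\): "
    r"AS_REQ \([^)]*\) (?P<ip>[0-9a-fA-F.:]+): (?P<status>[A-Z_]+): (?P<rest>.*)$"
)

# --- constructed sample log (invented hosts, addresses and realm) ------------
_ETYPES = "AS_REQ (8 etypes {18 17 20 19 16 23 25 26})"
_ADMIN = "admin@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST"


def _line(ts, ip, status, rest):
    return f"{ts} ipa.example.test krb5kdc[1234](info): {_ETYPES} {ip}: {status}: {rest}"


SAMPLE_LOG = "\n".join(
    [_line("Apr 25 10:30:01", "192.0.2.50", "NEEDED_PREAUTH",
           _ADMIN + ", Additional pre-authentication required")]
    # 192.0.2.50: six failures two seconds apart, then the KDC reports the lockout
    + [_line(f"Apr 25 10:30:{s:02d}", "192.0.2.50", "PREAUTH_FAILED",
             _ADMIN + ", Preauthentication failed") for s in (2, 4, 6, 8, 10, 12)]
    + [_line("Apr 25 10:30:14", "192.0.2.50", "LOCKED_OUT",
             _ADMIN + ", Client's credentials have been revoked"),
       # 192.0.2.60: two typos, then a successful ticket (ISSUE line has a different tail)
       _line("Apr 25 10:31:00", "192.0.2.60", "PREAUTH_FAILED",
             _ADMIN + ", Preauthentication failed"),
       _line("Apr 25 10:31:03", "192.0.2.60", "PREAUTH_FAILED",
             _ADMIN + ", Preauthentication failed"),
       _line("Apr 25 10:31:05", "192.0.2.60", "ISSUE",
             "authtime 1682418665, etypes {rep=18 tkt=18 ses=18}, " + _ADMIN),
       # 192.0.2.70: a failure for a different principal, must not be counted
       _line("Apr 25 10:32:00", "192.0.2.70", "PREAUTH_FAILED",
             "jdoe@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Preauthentication failed")]
)


def _ts(ts_text, year):
    """syslog timestamps carry no year, so the caller supplies it."""
    return datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")


def failed_preauth_by_source(log_text, principal, year):
    """Return {source_ip: [datetime, ...]} of PREAUTH_FAILED events for `principal`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = AS_REQ_RE.match(line)
        if not m or m.group("status") != "PREAUTH_FAILED":
            continue
        # rest is "<client principal> for <service principal>, <message>"
        client = m.group("rest").split(" for ", 1)[0]
        if client == principal:
            failures[m.group("ip")].append(_ts(m.group("ts"), year))
    return dict(failures)


def sources_exceeding_policy(failures, max_failures=6, reset_interval_s=60):
    """Sources whose own run of failures reaches `max_failures`, where the run
    restarts whenever more than `reset_interval_s` pass since the previous failure
    (the counter model behind "Max failures" / "Failure reset interval")."""
    flagged = []
    for ip, times in failures.items():
        count, prev = 0, None
        for t in sorted(times):
            if prev is not None and (t - prev).total_seconds() > reset_interval_s:
                count = 0
            count, prev = count + 1, t
            if count >= max_failures:
                flagged.append(ip)
                break
    return sorted(flagged)


if __name__ == "__main__":
    by_src = failed_preauth_by_source(SAMPLE_LOG, "admin@EXAMPLE.TEST", 2023)
    for ip, times in sorted(by_src.items()):
        print(f"{ip}: {len(times)} failed preauth attempts for admin")
    print("sources that trip the policy alone:", sources_exceeding_policy(by_src))
```

On a real server, run it against a copy of /var/log/krb5kdc.log and the principal admin@YOUR.REALM. Note that all sources add to the same per-user counter, so the account can still lock even when no single source reaches Max failures on its own; the per-source totals printed first are what tell you which machine to look at.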

On Tue, Apr 25, 2023 at 10:51 AM Yavor Marinov via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Hello all,

We have a really strange problem with our installation of FreeIPA 4.10. We are using the latest Alma 9.1 as OS, but the default user account admin is getting constantly locked. After kinit-ing with a different admin user and unlocking the account it becomes available.

Another side effect of this is that the WebUI starts reporting that the service is unavailable with a popup. Once user admin is unlocked and ipa services are restarted everything becomes available.

Can you give me some heads up on what I should check (password policy expiration is set to 90 days)?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue