In simple terms: An IPA user-unlock turns a locked iPhone into an iPod touch.
$ ipa user-show jsmith --all | grep "Account lockout" Account lockout status: False ipa user-unlock
| Error Message | Likely Cause | Solution | |---------------|--------------|----------| | ipa: ERROR: user not found | Incorrect username | Use ipa user-find --login to search. | | ipa: ERROR: insufficient access | Not authenticated as admin | Run kinit admin first. | | User is not locked | Account was already unlocked | No action needed; check other factors (e.g., expired password). | In simple terms: An IPA user-unlock turns a
If an account is frequently locked, administrators can use the ipa user-status command to view the number of failed login attempts across all replicas and the time of the last failed authentication. ipa user-status Use code with caution. Copied to clipboard | | User is not locked | Account
For those who prefer a graphical interface, the same action can be performed via the IdM Web UI . Navigate to Identity > Users , select the locked user, and click the Unlock button in the actions menu.