This is a short note on how to unlock the admin account in FreeIPA.
# kinit admin
kinit: Client's credentials have been revoked while getting initial credentials
When too many incorrect password attempts are made, the admin account is locked out. To unlock it, perform the following on the FreeIPA server:
# ldapmodify -x -D "cn=directory manager" -W
Enter LDAP Password:
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
delete: krbLoginFailedCount
To process the modification, press Control-D. If it is successful, you'll receive this message:
modifying entry "uid=admin,cn=users,cn=accounts,dc=example,dc=com"
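
The same reset as a script, added here as an example and not part of the original note: it prints the failure counter before and after the change so the lockout can be reviewed, and it uses `replace` with 0 instead of `delete`, which fails when the attribute is absent. The function names, the `krbLastFailedAuth` lookup, the password file passed with `-y` and the uid/domain arguments are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original note). Assumes the OpenLDAP client tools
# on the FreeIPA server and a suffix derived from the domain (example.com).

# example.com -> dc=example,dc=com
domain_to_suffix() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Reject anything that could alter the DN or inject extra LDIF lines.
valid_name() {
    case $1 in
        ''|*[!a-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# DN of a user entry in the FreeIPA accounts tree.
user_dn() {
    printf 'uid=%s,cn=users,cn=accounts,%s\n' "$1" "$(domain_to_suffix "$2")"
}

# LDIF that resets the counter. "replace" works whether or not the attribute
# exists; the "delete" used in the note fails if the attribute is absent.
unlock_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: krbLoginFailedCount\nkrbLoginFailedCount: 0\n' \
        "$(user_dn "$1" "$2")"
}

# Print the failure counter and last failure time for review.
lockout_state() {
    ldapsearch -x -LLL -D "cn=directory manager" -y "$3" -s base \
        -b "$(user_dn "$1" "$2")" krbLoginFailedCount krbLastFailedAuth
}

unlock_user() {
    valid_name "$1" && valid_name "$2" || { echo "invalid uid or domain" >&2; return 2; }
    umask 077                                  # password file readable by owner only
    pwfile=$(mktemp) || return 1
    trap 'rm -f "$pwfile"' EXIT
    printf 'Directory Manager password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf '%s' "$pw" > "$pwfile"; unset pw    # no trailing newline for -y
    lockout_state "$1" "$2" "$pwfile" || return 1   # state before the reset
    unlock_ldif "$1" "$2" | ldapmodify -x -D "cn=directory manager" -y "$pwfile" || return 1
    lockout_state "$1" "$2" "$pwfile"               # counter should now read 0
}

# Run only when called with arguments: ./unlock.sh admin example.com
if [ "$#" -eq 2 ]; then unlock_user "$1" "$2"; fi
```
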