More precisely, when an MDM pushes a FileVault configuration profile, it includes a dictionary of keys. The user-unlock key (often nested under an ipa or FileVault dictionary) dictates if end users can authorize FileVault decryption on their own or if they require an IT admin to provide a master recovery key.
For troubleshooting integration issues in RHEL environments, the Red Hat Customer Portal provides specific solution guides. specifically for account unlocking? Permission / privilege to unlock accounts - FreeIPA-users
How to Use the ipa user-unlock Command to Manage Locked Accounts ipa user-unlock
------------------ Unlocked user "jsmith" ------------------ Use code with caution. Scenario 2: Unlocking a User on a Specific Replica
Do you need assistance for lockout behaviors? Share public link More precisely, when an MDM pushes a FileVault
If you want to dive deeper into FreeIPA account management, please let me know:
Before unlocking, you may want to verify if the account is actually locked or just disabled. Check status: ipa user-status Distinction: account is due to password failures; a account is a manual state set by an admin using ipa user-disable . You must use ipa user-enable to fix a disabled account, not user-unlock 🛡️ Delegating Unlock Permissions specifically for account unlocking
kinit admin ipa user-unlock jsmith
After an administrator resets a user's password using ipa-passwd , they may need to unlock the account if it was locked due to multiple failed attempts:
menu (typically located at the top right of the user details page) and select Proactive Management Tips 9.6. Unlocking User Accounts After Password Failures
Enter the configuration key known within the industry and in configuration profiles as .