A locked account is different from a disabled account. If an account is disabled, use ipa user-enable username . Insufficient Privileges
The syntax is straightforward. Replace username with the actual UID of the locked user: ipa user-unlock username Use code with caution. ipa user-unlock
Understanding the ipa user-unlock Command: A Guide for FreeIPA Administrators A locked account is different from a disabled account