Hi,

Due to a bug in one of our maintanace scripts, I had to manually change some 
attributes for one of the users, e.g.: uid and uidNumber. I did it using
/usr/sbin/ipa-moduser --setattr="uid=username" --setattr="uidNumber=1221" 1221

(yeah, last argument is really user's uid ;)

After that user canno use any of the ipa-* scripts, he's getting:
"Connection to database failed: Invalid credentials: SASL(-14): authorization 
failure:"

I suppose is a problem with inconsistency in ldap and Kerberos database 
(probably Kerberos still has old data)

My question is how to fix that without generating new user (I really have to 
avoid that due to fact that this environment has some compliance restictions)

Regards,
-- 
Tomasz Z. Napierała
Systems Architecture Engineer,
IT Infrastructure Department
Allegro Team
http://www.allegro.pl/

Grupa Allegro Sp. z o.o. z siedzibą w Poznaniu, 60-324 Poznań, przy ul. 
Marcelińskiej 90, wpisana do rejestru przedsiębiorców prowadzonego przez Sąd 
Rejonowy Poznań - Nowe Miasto i Wilda, Wydział VIII Gospodarczy Krajowego 
Rejestru Sądowego pod numerem KRS 0000268796, o kapitale zakładowym w wysokości 
33 474 500 zł, posiadająca numer identyfikacji podatkowej NIP: 5272525995.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to