How do I reset the admin password in FreeIPA 4.2.0 running on CentOS7?

Some details:

Some months ago I stood up FreeIPA as a POC in our lab.  I was pulled into
other projects, and in my infinite wisdom forgot to put the admin password
in our password store.  New we've got users trying to use it, but I'm
unable to login with the admin credentials, or login to the web gui using
my Windows Domain Admin credentials.  (I am able to authenticate using my
Windows Domain credentials to linux servers joined to the FreeIPA domain

I've tried the instructions found here:

But as the freeipa domain is a sub sub sub domain of our windows domain, I
have no idea how to build the OU tree.  i.e. Windows domain is foo.com,
FreeIPA domain is biz.baz.bar.foo.com.  I've tried:

- uid=admin,cn=users,cn=accounts,dc=biz,dc=baz,dc=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,cn=biz,cn=baz,cn=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,dc=biz.baz.bar.foo,dc=com

and I'm sure a few other iteration, but no matter what, I get the error:

>> ldap_start_tls: Operations error (1)
>>         additional info: SSL connection already established.

According to this page:

As of 3.2.2 "the procedure" is automated in ipa-replica-prepare...  I'm
confused by this statement, because the implication seems to be that the
password reset policy is automated in the replica-prepare... "tool"?  the
help options say "Prepare a file for replica installation."  So I'm not
really sure how that helps...

I found these instructions on how to reset the directory manager


But I don't think that's what I want as I'm trying to reset the "admin"

So at this point I'm pretty well lost and desperate for hints...

Is there any documentation on resetting the admin password for 4.2.0?

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to