Hello, How do I reset the admin password in FreeIPA 4.2.0 running on CentOS7?
Some details: Some months ago I stood up FreeIPA as a POC in our lab. I was pulled into other projects, and in my infinite wisdom forgot to put the admin password in our password store. New we've got users trying to use it, but I'm unable to login with the admin credentials, or login to the web gui using my Windows Domain Admin credentials. (I am able to authenticate using my Windows Domain credentials to linux servers joined to the FreeIPA domain though...) I've tried the instructions found here: https://www.redhat.com/archives/freeipa-users/2011-May/msg00144.html But as the freeipa domain is a sub sub sub domain of our windows domain, I have no idea how to build the OU tree. i.e. Windows domain is foo.com, FreeIPA domain is biz.baz.bar.foo.com. I've tried: - uid=admin,cn=users,cn=accounts,dc=biz,dc=baz,dc=bar,dc=foo,dc=com - uid=admin,cn=users,cn=accounts,cn=biz,cn=baz,cn=bar,dc=foo,dc=com - uid=admin,cn=users,cn=accounts,dc=biz.baz.bar.foo,dc=com and I'm sure a few other iteration, but no matter what, I get the error: >> ldap_start_tls: Operations error (1) >> additional info: SSL connection already established. According to this page: http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password As of 3.2.2 "the procedure" is automated in ipa-replica-prepare... I'm confused by this statement, because the implication seems to be that the password reset policy is automated in the replica-prepare... "tool"? the help options say "Prepare a file for replica installation." So I'm not really sure how that helps... I found these instructions on how to reset the directory manager password... http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html But I don't think that's what I want as I'm trying to reset the "admin" password. So at this point I'm pretty well lost and desperate for hints... Is there any documentation on resetting the admin password for 4.2.0? Thanks!
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project