Foo Bar wrote:
Hello,

How do I reset the admin password in FreeIPA 4.2.0 running on CentOS7?

Some details:

Some months ago I stood up FreeIPA as a POC in our lab.  I was pulled
into other projects, and in my infinite wisdom forgot to put the admin
password in our password store.  Now we've got users trying to use it,
but I'm unable to login with the admin credentials, or login to the web
gui using my Windows Domain Admin credentials.  (I am able to
authenticate using my Windows Domain credentials to linux servers joined
to the FreeIPA domain though...)

I've tried the instructions found here:
https://www.redhat.com/archives/freeipa-users/2011-May/msg00144.html

But as the freeipa domain is a sub sub sub domain of our windows domain,
I have no idea how to build the OU tree.  i.e. Windows domain is foo.com,
FreeIPA domain is biz.baz.bar.foo.com.  I've tried:

- uid=admin,cn=users,cn=accounts,dc=biz,dc=baz,dc=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,cn=biz,cn=baz,cn=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,dc=biz.baz.bar.foo,dc=com

and I'm sure a few other iterations, but no matter what, I get the error:

 >> ldap_start_tls: Operations error (1)
 >>         additional info: SSL connection already established.

It depends on the ldappasswd command line you're using, but this has nothing to do with the DN you are using; it is failing well before it gets to that. Including the command line you're using would help.

Try this:

$ ldappasswd -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=example,dc=com

You can get the appropriate basedn from /etc/ipa/default.conf.

According to this page:
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

As of 3.2.2 "the procedure" is automated in ipa-replica-prepare...  I'm
confused by this statement, because the implication seems to be that the
password reset policy is automated in the replica-prepare... "tool"?
The help options say "Prepare a file for replica installation."  So
I'm not really sure how that helps...

The IPA wiki instructions are what to do if you change the Directory Manager password, not HOW to do it (it links to 389-ds for that).

I found these instructions on how to reset the directory manager
password...

http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html

But I don't think that's what I want as I'm trying to reset the "admin"
password.

So at this point I'm pretty well lost and desperate for hints...

Is there any documentation on resetting the admin password for 4.2.0?

Thanks!
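
The reply's pointer to /etc/ipa/default.conf, as an added example that is not part of the thread: it reads basedn from that file and builds the admin entry's DN for the ldappasswd command quoted above. The function names and the sample file contents are constructed here; the domain-to-suffix fallback assumes the install kept the default suffix derived from the domain name.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the basedn value from an IPA default.conf-style file
# (a line of the form "basedn = dc=...,dc=..."), trimming whitespace.
ipa_basedn() {
    conf=${1:-/etc/ipa/default.conf}
    sed -n 's/^[[:space:]]*basedn[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$conf" | head -n 1
}

# Fallback when the file is unavailable: one dc= component per DNS label.
# Assumption: the suffix was left at its install-time default.
domain_to_basedn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\.$//' -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# DN of the admin user entry under a given basedn.
admin_dn() {
    printf 'uid=admin,cn=users,cn=accounts,%s\n' "$1"
}

# Print (do not run) the reset command from the reply with the DN filled in.
reset_cmd() {
    printf "ldappasswd -D 'cn=directory manager' -W -S '%s'\n" "$1"
}

# Constructed sample standing in for /etc/ipa/default.conf on the IPA server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
basedn = dc=biz,dc=baz,dc=bar,dc=foo,dc=com
realm = BIZ.BAZ.BAR.FOO.COM
domain = biz.baz.bar.foo.com
EOF

reset_cmd "$(admin_dn "$(ipa_basedn "$sample")")"
rm -f "$sample"
```

On the IPA server itself, call ipa_basedn with no argument to read the real file; the value in that file takes precedence over the fallback.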


