Ah, now SophiaB wants in on the action too. Looks like my lucky day. Seriously though, I think the community needs to anonymize participants out of necessity.
On Mon, Dec 5, 2016 at 12:02 PM, Joseph Flynn <[email protected]> wrote: > Me too. Within minutes of my first posting, I have good old Kimmi > offering me all kinds of favors. All of our emails are exposed to the > group which I'd like to trust but we obviously can't. All it takes is for > a spammer to join the group and they will eventually collect a group of > active emails with a very targeted demographic. > > On Mon, Dec 5, 2016 at 11:45 AM, Stefan Uygur <[email protected] > > wrote: > >> Guys, >> >> Since I replied to the list I keep receiving spam emails, what is >> happening? >> >> >> >> *From:* Stefan Uygur >> *Sent:* 05 December 2016 16:40 >> *To:* 'Callum Guy'; Florence Blanc-Renaud; [email protected] >> *Subject:* RE: [Freeipa-users] Directory Manager Password Change >> >> >> >> Glad you solved your issue. >> >> >> >> I’ve been there myself so don’t worry about it at all. >> >> >> >> *From:* Callum Guy [mailto:[email protected] <[email protected]>] >> >> *Sent:* 05 December 2016 16:37 >> *To:* Stefan Uygur; Florence Blanc-Renaud; [email protected] >> *Subject:* Re: [Freeipa-users] Directory Manager Password Change >> >> >> >> Hi Stefan, >> >> >> >> Thanks for your input, I am able to clarify that I wasn't simply copying >> and pasting in - the dollar sign was included in my password rather than >> the example. But yes, no denying that my command line skills are to blame. >> >> >> >> Further to this problem I am happy to report that the issue is now >> solved. My main issue was the dollar sign meaning that I had updated the DM >> password incorrectly for FreeIPA. Secondly I appear to have caused an issue >> with SSSD and it was a restart of this service which finally resolved the >> issue for me. I doubt there is much to be learnt from my issue - definitely >> user error. >> >> >> >> Thanks so much for your responses, very much appreciated. Apologies for >> taking up your time. >> >> >> >> Callum >> >> >> >> >> >> >> >> On Mon, Dec 5, 2016 at 2:48 PM Stefan Uygur <[email protected]> >> wrote: >> >> Hi, >> >> I think you are copying and pasting the exact same commands from the >> article, which is of course a wrong approach. Never copy/paste from web to >> execute on your server. That $ signs indicates you can give any name you’d >> like. >> >> >> >> Follow this article here: >> >> https://access.redhat.com/solutions/308623 >> >> >> >> Stefan >> >> >> >> >> >> *From:* [email protected] [mailto:freeipa-users-bounces@ >> redhat.com] *On Behalf Of *Callum Guy >> *Sent:* 05 December 2016 13:38 >> *To:* Florence Blanc-Renaud; [email protected] >> *Subject:* Re: [Freeipa-users] Directory Manager Password Change >> >> >> >> Hi Flo, >> >> >> >> I have indeed executed every step in order, including the one you have >> indicated. >> >> >> >> The password I has used included a dollar sign and this meant that echo >> -n $DM_PASSWORD > /root/dm_password didn't work as I had expected >> meaning everything after the dollar was interpreted as a variable and was >> missing in the file. I have corrected this and performed the full process >> again, starting with the 389 reset however it is still not working >> correctly. >> >> >> >> I remain in the same state as before where the admin password has not >> been changed - this confuses me as my understanding is that admin only >> exists as the FreeIPA web admin user whose password I can change >> separately. Am i misunderstanding, is there another admin user within >> FreeIPA which is directly linked to the directory manager? >> >> >> >> Having run out of ideas I have just executed ipa-server-upgrade however >> this hasn't helped. My situation remains as follows: >> >> >> >> *Works:* ldapsearch -x -D "cn=directory manager" -w *NEW_DM_PW *-s >> base -b "" "objectclass=*" >> >> *Fails: *ldapsearch -h localhost -ZZ -p 389 -x -D >> "uid=admin,ou=people,o=ipaca" -w *NEW_DM_PW *-b "" -s base >> >> >> >> Are you able to offer any other ideas? >> >> >> >> Other information: >> >> I can confirm that cacert.p12 has been updated by the actions performed. >> >> File /etc/pki/pki-tomcat/password.conf now contains a new line >> internaldb=*NEW_DM_PW *(as per instruction 1 on FreeIPA link) >> >> >> >> Best Regards, >> >> >> >> Callum >> >> >> >> >> >> On Mon, Dec 5, 2016 at 1:08 PM Florence Blanc-Renaud <[email protected]> >> wrote: >> >> On 12/05/2016 01:05 PM, Callum Guy wrote: >> > Hi All, >> > >> > I have been testing FreeIPA and now plan to migrate to production use - >> > thanks for creating such a great application! >> > >> > During the test phase we have been using simple passwords for the admin >> > and directory manager users however we need these changed before moving >> > into production. I believe we can change the admin password using the >> > web interface however as I understand it amending the directory manager >> > password is not so straightforward. >> > >> > I have found this >> > link https://www.freeipa.org/page/Howto/Change_Directory_Manager_ >> Password however >> > I am unsure if this is the correct procedure for our installation - >> > certainly i am having no luck so far. >> > >> > We have the following setup: >> > >> > FreeIPA 4.2.0 - single master server (no replicas), multiple clients >> > CentOS 7.2 >> > >> > I have tried the following steps in order: >> > >> > http://directory.fedoraproject.org/docs/389ds/howto/howto-re >> setdirmgrpassword.html >> > followed by >> > https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password >> > >> > After completing that I am no longer able to authenticate user logins. >> > The below covers my current situation: >> > >> > This works: >> > ldapsearch -x -D "cn=directory manager" -w NEWPASSWORD -s base -b "" >> > "objectclass=*" >> > >> > This does not work: >> > ldapsearch -x -D "cn=directory manager" -w OLDPASSWORD -s base -b "" >> > "objectclass=*" >> > >> > This works: >> > ldapsearch -h localhost -ZZ -p 389 -x -D "uid=admin,ou=people,o=ipaca" >> > -W -b "" -s base >> > OLDPASSWORD >> > >> > This does not work: >> > ldapsearch -h localhost -ZZ -p 389 -x -D "uid=admin,ou=people,o=ipaca" >> > -W -b "" -s base >> > NEWPASSWORD >> > >> Hi, >> >> your commands show that the Directory Manager password was properly >> modified, but not admin's password. Did you run the step 3 Updating PKI >> admin password of the procedure [1]? >> ldappasswd -h localhost -ZZ -p $CA_PORT -x -D "cn=Directory Manager" -W >> -T /root/dm_password "uid=admin,ou=people,o=ipaca" >> >> Flo. >> >> [1] >> https://www.freeipa.org/page/Howto/Change_Directory_Manager_ >> Password#3._Update_PKI_admin_password >> >> > So i'm i a mixed up state! Is anyone able to offer advise on resolving >> > this issue? >> > >> > Thank you, >> > >> > Callum >> > >> > >> > >> > >> > >> > *^0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | _ >> > **_^<https://twitter.com/xonuk> >> > <http://www.linkedin.com/company/x-on/products> >> > <https://www.facebook.com/XonTel> * >> > X-on is a trading name of Storacall Technology Ltd a limited company >> > registered in England and Wales. >> > Registered Office : Avaland House, 110 London Road, Apsley, Hemel >> > Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. >> > The information in this e-mail is confidential and for use by the >> > addressee(s) only. If you are not the intended recipient, please notify >> > X-on immediately on +44(0)333 332 0000 <+44%20333%20332%200000> and >> delete the >> > message from your computer. If you are not a named addressee you must >> > not use, disclose, disseminate, distribute, copy, print or reply to this >> > email. Views or opinions expressed by an individual >> > within this email may not necessarily reflect the views of X-on or its >> > associated companies. Although X-on routinely screens for viruses, >> > addressees should scan this email and any attachments >> > for viruses. X-on makes no representation or warranty as to the absence >> > of viruses in this email or any attachments. >> > >> > >> > >> >> >> >> *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | * * >> <https://twitter.com/xonuk> >> <http://www.linkedin.com/company/x-on/products> >> <https://www.facebook.com/XonTel>* >> >> X-on is a trading name of Storacall Technology Ltd a limited company >> registered in England and Wales. >> Registered Office : Avaland House, 110 London Road, Apsley, Hemel >> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. >> The information in this e-mail is confidential and for use by the >> addressee(s) only. If you are not the intended recipient, please notify >> X-on immediately on +44(0)333 332 0000 <+44%20333%20332%200000> and >> delete the >> message from your computer. If you are not a named addressee you must not >> use, disclose, disseminate, distribute, copy, print or reply to this email. >> Views or opinions expressed by an individual >> within this email may not necessarily reflect the views of X-on or its >> associated companies. Although X-on routinely screens for viruses, >> addressees should scan this email and any attachments >> for viruses. X-on makes no representation or warranty as to the absence >> of viruses in this email or any attachments. >> >> >> >> *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | * * >> <https://twitter.com/xonuk> >> <http://www.linkedin.com/company/x-on/products> >> <https://www.facebook.com/XonTel>* >> X-on is a trading name of Storacall Technology Ltd a limited company >> registered in England and Wales. >> Registered Office : Avaland House, 110 London Road, Apsley, Hemel >> Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. >> The information in this e-mail is confidential and for use by the >> addressee(s) only. If you are not the intended recipient, please notify >> X-on immediately on +44(0)333 332 0000 <+44%20333%20332%200000> and >> delete the >> message from your computer. If you are not a named addressee you must not >> use, disclose, disseminate, distribute, copy, print or reply to this email. >> Views or opinions expressed by an individual >> within this email may not necessarily reflect the views of X-on or its >> associated companies. Although X-on routinely screens for viruses, >> addressees should scan this email and any attachments >> for viruses. X-on makes no representation or warranty as to the absence >> of viruses in this email or any attachments. >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
