Re: [Freeipa-users] How to reset admin password in 4.2.0

2016-05-27 Thread Rob Crittenden

Foo Bar wrote:

Hello,

How do I reset the admin password in FreeIPA 4.2.0 running on CentOS7?

Some details:

Some months ago I stood up FreeIPA as a POC in our lab.  I was pulled
into other projects, and in my infinite wisdom forgot to put the admin
password in our password store.  Now we've got users trying to use it,
but I'm unable to login with the admin credentials, or login to the web
gui using my Windows Domain Admin credentials.  (I am able to
authenticate using my Windows Domain credentials to linux servers joined
to the FreeIPA domain though...)

I've tried the instructions found here:
https://www.redhat.com/archives/freeipa-users/2011-May/msg00144.html

But as the freeipa domain is a sub sub sub domain of our windows domain,
I have no idea how to build the OU tree.  i.e. Windows domain is foo.com,
FreeIPA domain is biz.baz.bar.foo.com.  I've tried:

- uid=admin,cn=users,cn=accounts,dc=biz,dc=baz,dc=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,cn=biz,cn=baz,cn=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,dc=biz.baz.bar.foo,dc=com

and I'm sure a few other iterations, but no matter what, I get the error:

>> ldap_start_tls: Operations error (1)
>> additional info: SSL connection already established.


It depends on the ldappasswd command-line you're using but this has 
nothing to do with the DN you are using, it is failing well before it 
gets to that. Including the command-line you're using would help.


Try this:

$ ldappasswd -D 'cn=directory manager' -W -S \
    uid=admin,cn=users,cn=accounts,dc=example,dc=com


You can get the appropriate basedn from /etc/ipa/default.conf.


According to this page:
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

As of 3.2.2 "the procedure" is automated in ipa-replica-prepare...  I'm
confused by this statement, because the implication seems to be that the
password reset policy is automated in the replica-prepare... "tool"?  The
help options say "Prepare a file for replica installation."  So I'm not
really sure how that helps...


The IPA wiki instructions are what to do if you change the Directory 
Manager password, not HOW to do it (it links to 389-ds for that).



I found these instructions on how to reset the directory manager
password...

http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html

But I don't think that's what I want as I'm trying to reset the "admin"
password.

So at this point I'm pretty well lost and desperate for hints...

Is there any documentation on resetting the admin password for 4.2.0?

Thanks!




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
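
Added example, not part of the original thread: a shell sketch of the step described in the reply above, reading basedn from a file laid out like /etc/ipa/default.conf and building the admin entry DN for the ldappasswd command. The function names and the sample file contents are constructed for illustration; domain_to_basedn assumes the conventional dc= mapping and the config file remains authoritative.

```shell
#!/bin/sh
# Added example: derive the admin DN from the basedn setting of an IPA config.

# Print the basedn value from an ini-style file such as /etc/ipa/default.conf.
# Only the "basedn =" prefix is stripped, because the value itself contains "=".
ipa_basedn() {
    sed -n 's/^[[:space:]]*basedn[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*$//' \
        | head -n 1
}

# Print the DN of the admin user under that basedn; fail if basedn is missing.
ipa_admin_dn() {
    basedn=$(ipa_basedn "$1")
    [ -n "$basedn" ] || { echo "no basedn found in $1" >&2; return 1; }
    printf 'uid=admin,cn=users,cn=accounts,%s\n' "$basedn"
}

# Assumption: conventional mapping of a DNS domain to dc= components.
# Use it only as a cross-check against the value in the config file.
domain_to_basedn() {
    printf '%s\n' "$1" | sed 's/^/dc=/; s/\./,dc=/g'
}

# Constructed sample in the layout of /etc/ipa/default.conf (values made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
basedn = dc=biz,dc=baz,dc=bar,dc=foo,dc=com
realm = BIZ.BAZ.BAR.FOO.COM
domain = biz.baz.bar.foo.com
EOF

admin_dn=$(ipa_admin_dn "$sample")

# -W and -S make ldappasswd prompt for the bind password and the new password,
# so neither ends up in shell history or the process list.
echo "ldappasswd -D 'cn=directory manager' -W -S $admin_dn"
rm -f "$sample"
```

On a real server, pass /etc/ipa/default.conf to ipa_admin_dn and run the printed command as shown in the reply.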


[Freeipa-users] How to reset admin password in 4.2.0

2016-05-27 Thread Foo Bar
Hello,

How do I reset the admin password in FreeIPA 4.2.0 running on CentOS7?

Some details:

Some months ago I stood up FreeIPA as a POC in our lab.  I was pulled into
other projects, and in my infinite wisdom forgot to put the admin password
in our password store.  Now we've got users trying to use it, but I'm
unable to login with the admin credentials, or login to the web gui using
my Windows Domain Admin credentials.  (I am able to authenticate using my
Windows Domain credentials to linux servers joined to the FreeIPA domain
though...)

I've tried the instructions found here:
https://www.redhat.com/archives/freeipa-users/2011-May/msg00144.html

But as the freeipa domain is a sub sub sub domain of our windows domain, I
have no idea how to build the OU tree.  i.e. Windows domain is foo.com,
FreeIPA domain is biz.baz.bar.foo.com.  I've tried:

- uid=admin,cn=users,cn=accounts,dc=biz,dc=baz,dc=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,cn=biz,cn=baz,cn=bar,dc=foo,dc=com
- uid=admin,cn=users,cn=accounts,dc=biz.baz.bar.foo,dc=com

and I'm sure a few other iterations, but no matter what, I get the error:

>> ldap_start_tls: Operations error (1)
>> additional info: SSL connection already established.

According to this page:
http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password

As of 3.2.2 "the procedure" is automated in ipa-replica-prepare...  I'm
confused by this statement, because the implication seems to be that the
password reset policy is automated in the replica-prepare... "tool"?  the
help options say "Prepare a file for replica installation."  So I'm not
really sure how that helps...

I found these instructions on how to reset the directory manager
password...


http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html

But I don't think that's what I want as I'm trying to reset the "admin"
password.

So at this point I'm pretty well lost and desperate for hints...

Is there any documentation on resetting the admin password for 4.2.0?

Thanks!