[Freeipa-users] Kerberos problem with account with changed attributes
tomasz.napierala at allegro.pl
tomasz.napierala at allegro.pl
Thu Jun 9 11:04:22 UTC 2011
Hi,
Due to a bug in one of our maintanace scripts, I had to manually change some attributes for one of the users, e.g.: uid and uidNumber. I did it using
/usr/sbin/ipa-moduser --setattr="uid=username" --setattr="uidNumber=1221" 1221
(yeah, last argument is really user's uid ;)
After that user canno use any of the ipa-* scripts, he's getting:
"Connection to database failed: Invalid credentials: SASL(-14): authorization failure:"
I suppose is a problem with inconsistency in ldap and Kerberos database (probably Kerberos still has old data)
My question is how to fix that without generating new user (I really have to avoid that due to fact that this environment has some compliance restictions)
Regards,
--
Tomasz Z. Napierała
Systems Architecture Engineer,
IT Infrastructure Department
Allegro Team
http://www.allegro.pl/
Grupa Allegro Sp. z o.o. z siedzibą w Poznaniu, 60-324 Poznań, przy ul. Marcelińskiej 90, wpisana do rejestru przedsiębiorców prowadzonego przez Sąd Rejonowy Poznań - Nowe Miasto i Wilda, Wydział VIII Gospodarczy Krajowego Rejestru Sądowego pod numerem KRS 0000268796, o kapitale zakładowym w wysokości 33 474 500 zł, posiadająca numer identyfikacji podatkowej NIP: 5272525995.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4565 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110609/f1c62e6c/attachment.p7s>
More information about the Freeipa-users
mailing list