[Freeipa-users] How to reset admin password in 4.2.0

Rob Crittenden rcritten at redhat.com
Fri May 27 15:36:44 UTC 2016


Foo Bar wrote:
> Hello,
>
> How do I reset the admin password in FreeIPA 4.2.0 running on CentOS7?
>
> Some details:
>
> Some months ago I stood up FreeIPA as a POC in our lab.  I was pulled
> into other projects, and in my infinite wisdom forgot to put the admin
> password in our password store.  Now we've got users trying to use it,
> but I'm unable to login with the admin credentials, or login to the web
> gui using my Windows Domain Admin credentials.  (I am able to
> authenticate using my Windows Domain credentials to linux servers joined
> to the FreeIPA domain though...)
>
> I've tried the instructions found here:
> https://www.redhat.com/archives/freeipa-users/2011-May/msg00144.html
>
> But as the freeipa domain is a sub sub sub domain of our windows domain,
> I have no idea how to build the OU tree.  i.e. Windows domain is foo.com,
> FreeIPA domain is biz.baz.bar.foo.com.  I've tried:
>
> - uid=admin,cn=users,cn=accounts,dc=biz,dc=baz,dc=bar,dc=foo,dc=com
> - uid=admin,cn=users,cn=accounts,cn=biz,cn=baz,cn=bar,dc=foo,dc=com
> - uid=admin,cn=users,cn=accounts,dc=biz.baz.bar.foo,dc=com
>
> and I'm sure a few other iterations, but no matter what, I get the error:
>
>  >> ldap_start_tls: Operations error (1)
>  >>         additional info: SSL connection already established.

It depends on the ldappasswd command-line you're using but this has 
nothing to do with the DN you are using, it is failing well before it 
gets to that. Including the command-line you're using would help.

Try this:

$ ldappasswd -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=accounts,dc=example,dc=com

You can get the appropriate basedn from /etc/ipa/default.conf.

> According to this page:
> http://www.freeipa.org/page/Howto/Change_Directory_Manager_Password
>
> As of 3.2.2 "the procedure" is automated in ipa-replica-prepare...  I'm
> confused by this statement, because the implication seems to be that the
> password reset policy is automated in the replica-prepare... "tool"?
>   the help options say "Prepare a file for replica installation."  So
> I'm not really sure how that helps...

The IPA wiki instructions are what to do if you change the Directory 
Manager password, not HOW to do it (it links to 389-ds for that).

> I found these instructions on how to reset the directory manager
> password...
>
> http://directory.fedoraproject.org/docs/389ds/howto/howto-resetdirmgrpassword.html
>
> But I don't think that's what I want as I'm trying to reset the "admin"
> password.
>
> So at this point I'm pretty well lost and desperate for hints...
>
> Is there any documentation on resetting the admin password for 4.2.0?
>
> Thanks!
>
>
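
Added example, not part of the original message or of FreeIPA: a shell sketch that reads the basedn from a default.conf-style file and builds the admin DN for the ldappasswd command in the reply. The function names are hypothetical, the sample config is constructed, and it assumes the `basedn = ...` key sits in the `[global]` section.

```shell
#!/bin/sh
# Added example: build the admin entry DN for ldappasswd from an IPA client config.
# Function names are hypothetical; the sample config below is constructed.

# Print the basedn value from the [global] section of a default.conf-style file.
ipa_basedn() {
    awk '
        /^\[/ { in_global = ($0 ~ /^\[global\]/); next }
        in_global && /^[ \t]*basedn[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # strip "basedn =" up to the first "="
            sub(/[ \t\r]+$/, "")       # strip trailing whitespace
            print; exit
        }
    ' "$1"
}

# Default suffix for a DNS domain: one dc= component per label, lower-cased.
# The basedn recorded in the config file is authoritative if the two differ.
domain_to_basedn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/\.$//' -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Print the DN of the admin user, or fail if the file has no basedn.
admin_dn() {
    base=$(ipa_basedn "$1")
    [ -n "$base" ] || { echo "no basedn found in $1" >&2; return 1; }
    printf 'uid=admin,cn=users,cn=accounts,%s\n' "$base"
}

# Constructed sample; on an IPA host pass /etc/ipa/default.conf instead.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
[global]
basedn = dc=biz,dc=baz,dc=bar,dc=foo,dc=com
realm = BIZ.BAZ.BAR.FOO.COM
domain = biz.baz.bar.foo.com
EOF

dn=$(admin_dn "$sample_conf")
# Print the command instead of running it: -W and -S prompt interactively.
printf "ldappasswd -D 'cn=directory manager' -W -S '%s'\n" "$dn"
rm -f "$sample_conf"
```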



