FreeIPA reset failed locked out admin account

This is a short note on how to unlock the admin account for FreeIPA. # kinit admin kinit: Client’s credentials have been revoked while getting initial credentials When too many incorrect password attempts are made, the admin account is locked out. To unlock it, perform the following on the FreeIPA server: # ldapmodify -x -D "cn=directory manager" -W Enter LDAP Password: dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com changetype: modify delete: krbLoginFailedCount To process the modification enter Control-D....

February 3, 2022 · 1 min · 94 words · kenno

FreeIPA Unable to Communicate With CMS 403

A new post, a new problem, and a solution. Earlier today I worked on a task involving SSSD, System Security Services Daemon, a system service to access remote directories and authentication mechanisms. I got both excited and a little worried at the same time, since it’s been a long while since I had to do anything with SSSD. Fast forward to the evening, I realized I had a FreeIPA server set up a long time ago right after passing the Red Hat Certified Specialist in Identity Management exam (EX362)....

February 2, 2022 · 1 min · 201 words · kenno

Configure oVirt Manager to Authenticate Against FreeIPA

This is a quick note on how to configure an oVirt Manager or RHV Manager to use FreeIPA to provide external user authentication. Here’s my servers’ information: IPA server: ipa.angkorian.io (CentOS 8.3.2011) oVirt Hosted-Engine: ovirtm.angkorian.io (CentOS 8.3.2011) IPA user: ovirtadmin First, open an SSH connection to ovirtm as root and ensure that the ovirt-engine-extension-aaa-ldap-setup package is installed. Here is a tip to figure out the name of this package - I’d search for ovirt*ldap....

December 26, 2020 · 4 min · 760 words · kenno

FreeIPA - Adding New User

I have a FreeIPA server with the following information: FreeIPA server: utility.lab.example.com FreeIPA realm: LAB.EXAMPLE.COM FreeIPA domain: lab.example.com I want to add 2 normal users: User Login: rhvadmin, First Name: RHV, Last Name: Admin, Password: CentOS123^ User Login: normaluser, First Name: Normal, Last Name: User, Password: CentOS123^ [root@utility ~]# ipa user-add rhvadmin --first RHV --last Admin --password Password: CentOS123^ Enter Password again to verify: CentOS123^ --------------------- Added user "rhvadmin" --------------------- User login: rhvadmin First name: RHV Last name: Admin Full name: RHV Admin Display name: RHV Admin Initials: RA Home directory: /home/rhvadmin GECOS: RHV Admin Login shell: /bin/sh Principal name: rhvadmin@LAB....

December 4, 2020 · 2 min · 241 words · kenno

FreeIPA - Adding New DNS Record

I have a FreeIPA server with the following information. FreeIPA server: utility.lab.example.com FreeIPA realm: LAB.EXAMPLE.COM FreeIPA domain: lab.example.com. I want to insert a few DNS records: hosta.lab.example.com - 172.25.250.10 hostb.lab.example.com - 172.25.250.11 hostc.lab.example.com - 172.25.250.12 hostd.lab.example.com - 172.25.250.13 bastion.lab.example.com - 172.25.250.254 And I’d like to use the command line to do this. Acquire the admin’s Kerberos ticket. [root@utility ~]# kinit admin Password for admin@LAB.EXAMPLE.COM: List the DNS zones. [root@utility ~]# ipa dnszone-find Zone name: 250....

December 1, 2020 · 3 min · 487 words · kenno

Installing FreeIPA on CentOS 8

This is my note about installing FreeIPA on a CentOS 8 machine. It’s a bit different from the FreeIPA’s installation on CentOS 7, and most importantly there was a problem I came across during the installation and how to fix it. Configure Static IP [root@utility ~]# nmcli con mod enp1s0 ipv4.addresses 172.25.250.8/24 \ > ipv4.method manual \ > ipv4.gateway 172.25.250.254 \ > ipv4.dns 172.25.252.1 \ > connection.autoconnect yes [root@utility ~]# nmcli con up enp1s0 Ensure the hostname of this server exists in /etc/hosts....

November 24, 2020 · 4 min · 721 words · kenno

Passed EX362 Identity Management

Today I passed the Red Hat Identity Management exam, EX362, with the score of 233/300. The material used to prepare for the exam is the RH362 online course, provided by Red Hat. At first I wasn’t sure if I should use one of the 5 exam credits (as part of one-year training subscription), but it turned out that IdM/FreeIPA is useful and fun to learn. Here are some tips for this exam:...

November 19, 2020 · 1 min · 146 words · kenno