FreeIPA reset failed locked out admin account

This is a short note on how to unlock the admin account for FreeIPA.

    # kinit admin
    kinit: Client’s credentials have been revoked while getting initial credentials

When too many incorrect password attempts are made, the admin account is locked out. To unlock it, perform the following on the FreeIPA server:

    # ldapmodify -x -D "cn=directory manager" -W
    Enter LDAP Password:
    dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
    changetype: modify
    delete: krbLoginFailedCount

To process the modification enter Control-D....

February 3, 2022 · 1 min · 94 words · kenno

FreeIPA Unable to Communicate With CMS 403

A new post, a new problem, and a solution. Earlier today I worked on a task involving SSSD, System Security Services Daemon, a system service to access remote directories and authentication mechanisms. I got both excited and a little worried at the same time, since it’s been a long while since I had to do anything with SSSD. Fast forward to the evening, I realized I had a FreeIPA server set up a long time ago right after passing the Red Hat Certified Specialist in Identity Management exam (EX362)....

February 2, 2022 · 1 min · 201 words · kenno

Configure oVirt Manager to Authenticate Against FreeIPA

This is a quick note on how to configure an oVirt Manager or RHV Manager to use FreeIPA to provide external user authentication. Here’s my servers’ information:

- IPA server: ipa.angkorian.io (CentOS 8.3.2011)
- oVirt Hosted-Engine: ovirtm.angkorian.io (CentOS 8.3.2011)
- IPA user: ovirtadmin

First, open an SSH connection to ovirtm as root and ensure that the ovirt-engine-extension-aaa-ldap-setup package is installed. Here is a tip to figure out the name of this package - I’d search for ovirt*ldap....

December 26, 2020 · 4 min · 760 words · kenno

FreeIPA - Adding New User

I have a FreeIPA server with the following information:

- FreeIPA server: utility.lab.example.com
- FreeIPA realm: LAB.EXAMPLE.COM
- FreeIPA domain: lab.example.com

I want to add 2 normal users:

- User Login: rhvadmin, First Name: RHV, Last Name: Admin, Password: CentOS123^
- User Login: normaluser, First Name: Normal, Last Name: User, Password: CentOS123^

    [root@utility ~]# ipa user-add rhvadmin --first RHV --last Admin --password
    Password: CentOS123^
    Enter Password again to verify: CentOS123^
    ---------------------
    Added user "rhvadmin"
    ---------------------
      User login: rhvadmin
      First name: RHV
      Last name: Admin
      Full name: RHV Admin
      Display name: RHV Admin
      Initials: RA
      Home directory: /home/rhvadmin
      GECOS: RHV Admin
      Login shell: /bin/sh
      Principal name: rhvadmin@LAB....

December 4, 2020 · 2 min · 241 words · kenno

FreeIPA - Adding New DNS Record

I have a FreeIPA server with the following information:

- FreeIPA server: utility.lab.example.com
- FreeIPA realm: LAB.EXAMPLE.COM
- FreeIPA domain: lab.example.com

I want to insert a few DNS records:

- hosta.lab.example.com - 172.25.250.10
- hostb.lab.example.com - 172.25.250.11
- hostc.lab.example.com - 172.25.250.12
- hostd.lab.example.com - 172.25.250.13
- bastion.lab.example.com - 172.25.250.254

And I’d like to use the command line to do this.

Acquire the admin’s Kerberos ticket.

    [root@utility ~]# kinit admin
    Password for admin@LAB.EXAMPLE.COM:

List the DNS zones.

    [root@utility ~]# ipa dnszone-find
      Zone name: 250....

December 1, 2020 · 3 min · 487 words · kenno