Problem: The client, a company using FreeIPA for identity management, encountered issues when running the ipa-healthcheck command. The system was returning errors related to non-existent servers, which had been decommissioned as part of a recent infrastructure migration. These errors were causing the ipa-healthcheck command to fail and reported old servers that no longer existed in […]
Security 21 Oct 2024 FreeIPA – Allow Admins to Change Passwords Without Requiring Next Login Change
Problem: The client wanted to allow admins to reset user passwords without forcing the next login change. Process: The expert confirmed that FreeIPA didn’t respect the set attribute with `--setattr=krbPasswordExpiration` from the command line. It changed the password but the expiry date automatically adjusted to the value from global_policy `ipa pwpolicy-show`. The expert tried to […]
Security 18 Sep 2024 Servers connected to IPA server with outdated data
Problem: Some client servers are not receiving updated data from our IPA servers. For example, listing hosts in a specific host group on one client server shows missing hosts: ~]# ipa host-find --in-hostgroups=rhel9_hosts | grep Host | grep -i ra Host name: india In contrast, the same command on another server shows additional hosts: ~]# […]
Security 27 Jul 2024 Resolving FreeIPA Password Expiration Issue for Admin-Reset Passwords
Problem: FreeIPA prompts regular users to change their passwords immediately after an admin resets them, which is undesired for certain admin-managed accounts like ‘admpass’. Process: The expert first reviewed the client’s IPA password policy and proposed using the krbPasswordExpiration attribute to control password expiration. However, attempts to set this attribute during user modification did not […]
Security 17 Jun 2024 Resolving FreeIPA Client Registration Issue: Addressing ‘Cannot Obtain CA Certificate’ Error
Problem: The client is unable to register to a FreeIPA server, encountering the error message “Cannot obtain CA certificate.” The error log indicates issues with LDAP access and Kerberos database. Process: The expert took the following steps to address the client’s registration issue with the FreeIPA server: Reproduction of the Setup: The expert attempted to […]
Security 22 Apr 2024 Ceph Storage Capacity Issue: OSDs Limited Space Despite Expected Availability
Problem: Ceph Storage Almost Full but Should Have Space. The client reported that the Ceph storage is nearly full, even though there should be sufficient space available. The output of `ceph osd status` indicates that some OSDs have limited available space. The most common cause identified is not deleting the lost+found directory after a crash […]
Storage 14 Apr 2024 Seamless Migration: Upgrading FreeIPA Data from Version 4.6.8 to 4.10.1
Problem: The problem is that commit logs in the production Cassandra cluster are accumulating excessively without being deleted, leading to a full filesystem and subsequent database crashes. Process: FreeIPA-Replication-Troubleshooting We have tried to reproduce the setup by performing the following actions. Installing FreeIPA Server on CentOS 7 server. Which had the default version of FreeIPA […]
Security 10 Apr 2024 Enhancing Authentication Services with FreeIPA and Keycloak
Problem: The key challenge emerged when the university aimed to implement Kerberos Single Sign-On (SSO) for FreeIPA and configure Keycloak to seamlessly connect with FreeIPA. Two significant updates revealed obstacles: an inability to access a third-party application for Kerberos installation and the absence of a topology or visual representation of the configuration. Additionally, the university […]
Security