Problem: The client, a company using FreeIPA for identity management, encountered issues when running the ipa-healthcheck command. The system was returning errors related to non-existent servers, which had been decommissioned as part of a recent infrastructure migration. These errors were causing the ipa-healthcheck command to fail, and it reported old servers that no longer existed in […]
Security 21 Oct 2024 FreeIPA – Allow Admins to Change Passwords Without Requiring Next Login Change
Problem: The client wanted to allow admins to reset user passwords without forcing a password change at the next login. Process: The expert confirmed that FreeIPA did not respect the attribute set with `--setattr=krbPasswordExpiration` on the command line. It changed the password, but the expiry date was automatically adjusted to the value from global_policy (`ipa pwpolicy-show`). The expert tried to […]
Security 18 Sep 2024 Servers connected to IPA server with outdated data
Problem: Some client servers are not receiving updated data from our IPA servers. For example, listing hosts in a specific host group on one client server shows missing hosts: ~]# ipa host-find --in-hostgroups=rhel9_hosts | grep Host | grep -i ra Host name: india In contrast, the same command on another server shows additional hosts: ~]# […]
Security 27 Jul 2024 Resolving FreeIPA Password Expiration Issue for Admin-Reset Passwords
Problem: FreeIPA prompts regular users to change their passwords immediately after an admin resets them, which is undesired for certain admin-managed accounts like ‘admpass’. Process: The expert first reviewed the client’s IPA password policy and proposed using the krbPasswordExpiration attribute to control password expiration. However, attempts to set this attribute during user modification did not […]
Security 17 Jun 2024 Resolving FreeIPA Client Registration Issue: Addressing ‘Cannot Obtain CA Certificate’ Error
Problem: The client is unable to register with a FreeIPA server, encountering the error message “Cannot obtain CA certificate.” The error log indicates issues with LDAP access and the Kerberos database. Process: The expert took the following steps to address the client’s registration issue with the FreeIPA server: Reproduction of the Setup: The expert attempted to […]
Security 14 Apr 2024 Seamless Migration: Upgrading FreeIPA Data from Version 4.6.8 to 4.10.1
Problem: The problem is that commit logs in the production Cassandra cluster are accumulating excessively without being deleted, leading to a full filesystem and subsequent database crashes. Process: FreeIPA-Replication-Troubleshooting We have tried to reproduce the setup by performing the following actions. Installing FreeIPA Server on a CentOS 7 server, which had the default version of FreeIPA […]
Security 10 Apr 2024 Enhancing Authentication Services with FreeIPA and Keycloak
Problem: The key challenge emerged when the university aimed to implement Kerberos Single Sign-On (SSO) for FreeIPA and configure Keycloak to seamlessly connect with FreeIPA. Two significant updates revealed obstacles: an inability to access a third-party application for Kerberos installation and the absence of a topology or visual representation of the configuration. Additionally, the university […]