Closed lnxart closed 4 years ago
Hello.
You can use the installation steps from the README. It's the same for a standalone server.
Hello,
Thank you for your kind help. Please let me know how we can send the reset-password requests to our FreeIPA server that runs on another server?
Kind regards,
Hello.
You should install freeipa-client on that server and join it to FreeIPA (use the ipa-client-install or ipa-join commands).
Hello,
Thanks again, the app is running but we got the following error in https://127.0.0.1/reset/ : " The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST /reset/gettoken/.
Reason: Error reading from remote server "
Kind regards,
Did you see the web page? If not, it's an apache/nginx configuration error and you should fix it first.
You can check application without proxy by following url: http://127.0.0.1:8000/reset/
Hello,
I fixed the proxy issue, and I faced another issue about ticket expiration:
```
$ klist -A
Ticket cache: KEYRING:persistent:1000:1000
Default principal: ldap-passwd-reset@DOMAIN.TLD

Valid starting     Expires            Service principal
09/14/19 10:20:55  09/15/19 10:20:55  HTTP/SERVER_NAME_URL@DOMAIN.TLD
        renew until 09/21/19 10:20:55
09/14/19 10:20:17  09/21/19 10:20:17  krbtgt/DOMAIN.TLD@DOMAIN.TLD
        renew until 09/24/19 09:20:17
```
As you see, the ticket for the HTTP principal will expire in 24 hours, and users will get errors about the Kerberos ticket when they try to reset a password.
Please let me know how we can resolve this issue?
Kind Regards,
Hello.
Did you put the keytab in the file ldap-passwd-reset.keytab?
Tickets are retrieved automatically when a user tries to reset a password. What error did you get?
It's OK. The ticket is retrieved on user requests.
You can destroy the current ticket and try to reset a password. After sending the token you should see a new ticket in the klist -A list.
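Added example, not part of the thread or the project's code: a parser for the `klist -A` output posted above that separates the two cases discussed here. An expired service ticket (HTTP/...) is re-requested automatically while the krbtgt ticket is still valid; once the krbtgt ticket has expired as well, a new one has to come from the keytab. The function names and the date layout are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the `klist -A` output quoted in this thread.
SAMPLE = """\
Ticket cache: KEYRING:persistent:1000:1000
Default principal: ldap-passwd-reset@DOMAIN.TLD

Valid starting     Expires            Service principal
09/14/19 10:20:55  09/15/19 10:20:55  HTTP/SERVER_NAME_URL@DOMAIN.TLD
        renew until 09/21/19 10:20:55
09/14/19 10:20:17  09/21/19 10:20:17  krbtgt/DOMAIN.TLD@DOMAIN.TLD
        renew until 09/24/19 09:20:17
"""

STAMP = r"(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
TICKET = re.compile(rf"^{STAMP}\s+{STAMP}\s+(\S+)$")
RENEW = re.compile(rf"^renew until {STAMP}$")
FMT = "%m/%d/%y %H:%M:%S"  # assumption: klist prints MM/DD/YY as in the sample


def parse_klist(text):
    """Return (default_principal, tickets) parsed from klist output."""
    principal, tickets = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Default principal:"):
            principal = line.split(":", 1)[1].strip()
        elif m := TICKET.match(line):
            tickets.append({"start": datetime.strptime(m[1], FMT),
                            "expires": datetime.strptime(m[2], FMT),
                            "service": m[3], "renew_until": None})
        elif (m := RENEW.match(line)) and tickets:
            # "renew until" always belongs to the ticket line just above it
            tickets[-1]["renew_until"] = datetime.strptime(m[1], FMT)
    return principal, tickets


def assess(tickets, now):
    """Report what the credential cache can still do at time `now`."""
    is_tgt = lambda t: t["service"].startswith("krbtgt/")
    tgt_valid = any(is_tgt(t) and t["expires"] > now for t in tickets)
    stale = [t["service"] for t in tickets
             if not is_tgt(t) and t["expires"] <= now]
    return {"tgt_valid": tgt_valid,
            # without a valid TGT only the keytab can produce new tickets
            "needs_keytab_login": not tgt_valid,
            "stale_service_tickets": stale}
```

For the sample, `assess` at 09/16/19 reports the HTTP ticket as stale but the TGT as valid; at 09/22/19 it reports that a keytab login is needed.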
Hello,
> Did you put the keytab in the file ldap-passwd-reset.keytab?

Yes, but please let me know what the correct setting for the keytab is:
1- KEYTAB_PATH = "../ldap-passwd-reset.keytab" or
2- KEYTAB_PATH = "../../ldap-passwd-reset.keytab"
You can see my directories below (there are 2 nested PasswordReset directories):
```
/opt/data/IPAPasswordReset/PasswordReset# tree -d
.
├── PasswordReset
└── app
    ├── migrations
    └── templates
```
> Tickets are retrieved automatically when a user tries to reset a password. What error did you get?

I cannot reproduce it just now as my ticket is valid till tomorrow, but it was about "kerberos ticket" and the command "sudo -u ldap-passwd-reset -i klist -A" did not show any ticket when we faced this issue.
Kind regards,
With the default value of KEYTAB_PATH ("../ldap-passwd-reset.keytab"), the keytab should be placed in the project root (in the /opt/data/IPAPasswordReset/ dir by default).
OK, it is fixed and working fine now. Thank you for your great work and kind support.
Hello,
Thanks again, the app is running but we got the following error in https://127.0.0.1/reset/ : " The proxy server received an invalid response from an upstream server. The proxy server could not handle the request POST /reset/gettoken/.
Reason: Error reading from remote server "
Kind regards,
Hi, please tell me how you fixed this problem?
Hello,
Please let me know how we can install your password reset app in a standalone server?
Kind regards,