Currently I manage a fully Linux environment that uses FreeIPA for LDAP, and I've run into 3 issues.

First, the account discovery works using a FreeIPA account but doesn't seem to correctly pull the found users' passwords.

Second, unless I'm doing something wrong, I am unable to use the host discovery option to connect to FreeIPA.

Lastly, the account discovery misses the FreeIPA users and thus makes it hard to use the SSH connection option, as the LDAP users are the only true non-service and non-root accounts.

So with these issues, I was wondering if there has been any thought into better supporting non-Windows LDAP for host/account discovery.

Thanks
Updated for Passwordstate 8 - 1st November 2017

Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process)

Step 2: Add new Password Record configured as follows:

Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account. If you configure an Expiry Date it will automatically change the password when that date is reached.

Screen 2: Confirm you select the appropriate Reset Linux Password script. Determine whether or not to use a Privileged Account and select the appropriate option. If you do not use a Privileged Account, Passwordstate will SSH to the host using the currently active password for the user (in this example marlee), and perform the reset. Otherwise it will connect to the host with the Privileged Account username and password, and then perform the reset for the user account (marlee). Confirm the Password Reset Schedule is enabled if you want the password to automatically change when the Expiry Date occurs.

Screen 3: Confirm the Validate Password for Linux Account validation script is selected.

Some more notes about Linux Resets:

In some environments and/or Linux distributions, SSH'ing in as root is disabled. To ensure you can perform a successful heartbeat of the root account, i.e. check the password record is in sync with the root password on the machine, you may need to tick the following option:

This will SSH in as your Privileged Account, and perform a password validation to the root account. In conjunction with the setting below, you will need to configure your sudoers file on each of your machines following Section 14 of this document: https://www.clickstudios.com.au/downloads/version8/Password_Discovery_Reset_and_Validation_Requirements.pdf

Information About the Privileged Account:

With Linux it is possible to SSH in using a Public/Private key system to authenticate. If you have this system in place, you can assign the Private key to your Privileged Account, and it will use the key and the secret Passphrase to establish an SSH connection to the machine: