I make a simple admin policy using the template helpdesk and fill in the
field ‘Admin’ with the local user helpdesk I created, but then I am also locked
out with my default ‘admin’ account.
I read the docs multiple times but I don't understand how this is supposed
to work.
Version: 2.13-1trusty
Ubuntu 14.04.3
MySQL database
Correct.
As soon as you define a policy in scope “admin” (or scope “user”)
all admins are checked for policies.
Thus, if the original “superadmin” would not be located in
helpdesk-admin-policy, the superadmin will end up with no rights.
The best practice is to always start with a superadmin.
Thanks for reporting back.
Kind regards
Cornelius
On Monday, 01.08.2016, 01:55 -0700, jmdeking wrote:
My fault, I have to define 2 policies, 1 for the admin and 1 for the
helpdesk, else by default you have no rights for the account that is
undefined.
Solved
On Wednesday, July 27, 2016 at 1:41:58 PM UTC+2, jmdeking wrote:
Hi there,
I can't seem to wrap my head around this.
I make a simple admin policy using the template helpdesk and
fill in the field 'Admin' with the local user helpdesk I created,
but then I am also locked out with my default 'admin' account.
I read the docs multiple times but I don't understand how this
is supposed to work.
Version: 2.13-1trusty
Ubuntu 14.04.3
MySQL database
I have done a similar thing - tried to make an admin policy for a subset of admins and now my local admins don't have the correct rights to admin the system.
I thought if I removed or renamed the
SUPERUSER_REALM = ['blah', 'super1']
in /etc/privacyidea/pi.cfg
but I don't seem to regain access.
How can I revert it to not have admin policies and be like a fresh install with local admins?
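The rule Cornelius describes in this thread (once any policy exists in scope admin, every admin is checked against the policies, and an admin matched by none ends up with no rights) can be checked before a new policy is saved. The following is an added example, not part of the thread and not privacyIDEA's own code: a simplified model in which the Policy class, both functions, the action names and the treatment of an empty admin field as "all admins" are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    scope: str                         # "admin" or "user"
    admins: frozenset = frozenset()    # empty = every admin (assumption of this model)
    actions: frozenset = frozenset()   # rights granted by this policy


def effective_actions(policies, admin):
    """Return None while admins are unrestricted (no admin-scope policy exists),
    otherwise the set of actions the given admin is granted."""
    admin_policies = [p for p in policies if p.scope == "admin"]
    if not admin_policies:
        return None                    # nothing defined yet: admins are not checked
    granted = set()
    for p in admin_policies:
        if not p.admins or admin in p.admins:
            granted |= p.actions
    return granted                     # empty set = checked, but matched by no policy


def locked_out(policies, admins):
    """Admins who would be left with no rights at all under these policies."""
    return sorted(a for a in admins if effective_actions(policies, a) == set())


# Constructed sample data: admin names from the thread, action names invented.
ADMINS = ["admin", "helpdesk"]
HELPDESK = Policy("helpdesk", "admin", frozenset({"helpdesk"}),
                  frozenset({"reset_failcounter", "set_pin"}))
SUPERADMIN = Policy("superadmin", "admin", frozenset({"admin"}),
                    frozenset({"reset_failcounter", "set_pin",
                               "policy_write", "policy_delete"}))

if __name__ == "__main__":
    for label, policies in [("no admin policies", []),
                            ("helpdesk policy only", [HELPDESK]),
                            ("superadmin + helpdesk", [SUPERADMIN, HELPDESK])]:
        print(f"{label}: locked out = {locked_out(policies, ADMINS)}")
```

Running the check against the planned policy set before saving it shows which existing admins would lose all rights, which is the situation both posters ran into.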