Admin Policy's not working

Hi there,

I can't seem to wrap my head around this.

I make a simple admin policy using the template helpdesk and fill in the
field ‘Admin’ the local user helpdesk I created, but then I am also locked
out with my default ‘admin’ account.

I read the docs multiple times but I don't understand how this is supposed
to work.

Version: 2.13-1trusty
Ubuntu 14.04.3
MySQL database

Correct.
As soon as you define a policy in scope “admin” (or scope “user”)
all admins are checked for policies.
Thus, if the original “superadmin” would not be located in
helpdesk-admin-policy, the superadmin will end up with no rights.

The best practice is to always start with a superadmin.

Thanks for reporting back.

Kind regards
Cornelius

On Monday, 01.08.2016, 01:55 -0700, jmdeking wrote:

    My fault, I have to define 2 policies, 1 for the admin and 1 for the
    helpdesk, else by default you have no rights for the account that is
    undefined.

    Solved :slight_smile:


Hi,

I have done a similar thing - I was trying to make an admin policy for a subset of admins and now my local admins don't have the correct rights to admin the system.

I thought if I removed or renamed the

SUPERUSER_REALM = ['blah', 'super1']
in /etc/privacyidea/pi.cfg

but I don't seem to regain access.

How can I revert it to not have admin policies and be like a fresh install with local admins?

Please help - I messed up :slight_smile:
Thanks in advance

Ok I figured it out

I disabled the policy via
pi-manage script …

Love this product!!!


Hello @dfine
Thank you for joining the privacyIDEA community.
And thanks a lot for the feedback.

This is right. Configuring admin policies can lock you out, but you can use the tool

pi-manage policy list 

and

pi-manage policy disable ... 

to revert and fix the policies.
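
The rule discussed in this thread, as a small Python model added here for illustration (it is not privacyIDEA's code and not from any poster): with no active policy in scope admin nobody is checked, and once one exists an admin named in no policy has no rights. The policy names, admin names and action names are constructed, and `locked_out` and `disable` are hypothetical helpers.

```python
from dataclasses import dataclass

# Constructed action names for the model, not privacyIDEA's action list.
ALL_ACTIONS = frozenset({"list_tokens", "reset_pin", "assign_token", "write_policy"})

@dataclass(frozen=True)
class Policy:
    name: str
    scope: str            # "admin" or "user"
    admins: frozenset     # admin accounts the policy names
    actions: frozenset    # actions the policy grants
    active: bool = True

def allowed_actions(policies, admin):
    """Rights of one admin: unrestricted until an active admin policy exists."""
    checked = [p for p in policies if p.scope == "admin" and p.active]
    if not checked:
        return set(ALL_ACTIONS)          # fresh install: no admin policy, no checks
    granted = set()
    for p in checked:                    # from now on every admin is checked
        if admin in p.admins:
            granted |= p.actions
    return granted                       # empty set: this admin has no rights

def locked_out(policies, admins):
    """Pre-flight check: admins a policy set would leave without any rights."""
    return sorted(a for a in admins if not allowed_actions(policies, a))

def disable(policies, name):
    """Model of disabling one policy: return the set with that policy inactive."""
    return [Policy(p.name, p.scope, p.admins, p.actions, p.active and p.name != name)
            for p in policies]

HELPDESK = Policy("helpdesk", "admin", frozenset({"helpdesk"}),
                  frozenset({"list_tokens", "reset_pin"}))
SUPERADMIN = Policy("superadmin", "admin", frozenset({"admin"}), ALL_ACTIONS)

if __name__ == "__main__":
    admins = ["admin", "helpdesk"]
    print("helpdesk policy only:", locked_out([HELPDESK], admins))
    print("superadmin defined first:", locked_out([SUPERADMIN, HELPDESK], admins))
    print("helpdesk policy disabled:", locked_out(disable([HELPDESK], "helpdesk"), admins))
```

Running the same check against a planned policy set before enabling it shows which admin accounts still need a policy of their own.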