[Freeipa-users] Questions about commande ipa user-add used to import NIS accounts
Rob Crittenden
rcritten at redhat.com
Tue Nov 18 15:41:21 UTC 2014
Edouard Guigné wrote:
> Hello Rob,
>
> I looked for more informations about error message, and I found that :
> http://comments.gmane.org/gmane.linux.redhat.freeipa.user/11952
>
> So I change cn=config :
>
> ldapmodify -x -D "cn=directory manager" -w password
> dn: cn=config
> changetype: modify
> replace: nsslapd-allow-hashed-passwords
> *nsslapd-allow-hashed-passwords: on*
>
> Then try again :
>
> # ipa user-add user1 --last="User1" --first="myuser1" --setattr userpassword="{CRYPT}xxxxxxxxxxxx"
> ---------------------------
> Utilisateur "user1" ajouté
> ---------------------------
> Identifiant de connexion: user1
> Prénom: myuser1
> Nom: User1
> Nom complet: myuser1 User1
> Nom affiché: myuser1 User1
> Initiales: MU
> Répertoire utilisateur: /home/user1
> GECOS: myuser1 User1
> Shell de connexion: /bin/sh
> Principal Kerberos: User1 at LMSIPA.POLYTECHNIQUE.FR
> Adresse courriel: User1 at lmscipa1.lmsipa.polytechnique.fr
> UID: 1594400005
> GID: 1594400005
> Mot de passe: True
> Membre des groupes: ipausers
> Clés Kerberos disponibles: False
>
> Ok, seems to be good... however, if I try kinit :
>
> # kinit user1
> *kinit: Generic preauthentication failure while getting initial credentials*
>
> It still does not work.
The Kerberos credentials haven't been generated yet.
You need to migrate the account either by logging into a system
controlled by sssd or go to https://ipa.example.com/ipa/migration/
rob
>
> Ed
>
> Le 17/11/2014 19:25, Rob Crittenden a écrit :
>> Edouard Guigné wrote:
>>> Hello freeipa users
>>>
>>> I followed the instructions of this page :
>>> http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
>>>
>>> in order to integrate NIS accounts over IPA with preserving passwords.
>>>
>>> However, I do not succeed to import user as indicate on documentation :
>>>
>>> # ipa user-add /user1/--setattr=userpassword={CRYPT}/xxxxxxxxxxxx/
>>> return :
>>> *"ipa: ERROR: Constraint violation : invalid password syntax - passwords
>>> with storage scheme are not allowed"*
>>>
>>> Someone could help ?
>> You enabled migration mode?
>>
>> ipa config-mod --enable-migration=true
>>
>> If you have, what version of IPA is this?
>>
>> rob
>>
>>
>>
>
More information about the Freeipa-users
mailing list