[Freeipa-users] Migrating from custom auth system
Alexander Bokovoy
abokovoy at redhat.com
Thu Jul 9 12:44:28 UTC 2015
On Thu, 09 Jul 2015, Nicola Canepa wrote:
>OK, I'm sorry for the little information provided: I can't do
>migrate-ds, since I'm not coming from a "DS" (which can only be
>another LDAP server, I guess).
>The only thing I can expect is that users will login to one of the
>applicazions which I put under FreeIPA authentication.
>So I mixed the "NIS migration" documentation (maintaining passwords)
>with the "migration mode", hoping it was what I was looking for.
If you did create your users the same way as proposed with NIS
migration, then they wouldn't be different from what would have happened
with 'ipa migrate-ds'. End result, you have user entries in LDAP with
passwords set to their hashes in the previous system and no Kerberos
attributes.
>Is there a way so that users are created in FreeIPA once they login in
>this way?
*You* need to create them. http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
walks you through that:
--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8
>From your export file, import the users into IPA using the admin tools
and set the original hashed password:
# ipa user-add [username] --setattr userpassword={crypt}yourencryptedpass
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list