Nordgren, Bryce L -FS wrote: > DNS is fixed, 4.0.0 is installed, and my external users have been > migrated from an LDAP store via the migrate-ds script. > > > > The password migration page keeps telling me that the password or > username I entered is incorrect. (username: test.user, password: test) I > did not mistype this. I did set the minimum password length to 0, but > not until after migrating my users. > > > > IPA forced me to reset the password for test.user, then kinit > (attempting to login via sssd failed), then change the password before > sssd logins and ldap binds started working. This is not an appropriate > migration path for those users who primarily interact with web apps, so > I need that migration page to work. > > > > The LDAP interface is also important to me, as I want to use this for > web app authentication. As is, my migrated accounts are doing this: > > > > [root@fislstore ~]# ldapsearch -h ipa.usfs-i2.umt.edu -x -D > 'uid=my_peeps,cn=users,cn=accounts,dc=usfs-i2,dc=umt,dc=edu' -W > '(objectClass=posixAccount)' dn > > Enter LDAP Password: > > ldap_bind: Inappropriate authentication (48)
Are you sure the entry has a password set? Someone has reported an issue with password migration where 389-ds is rejecting the passwords with: passwords with storage scheme are not allowed. That may be part of the problem. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project