Re: [Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid
On Wed, 06 Jan 2016, Simpson Lachlan wrote:
Hi,
New install of FreeIPA 4.2.0-15.el7.centos.3 on Centos 7.2.1511 (and
I'm very new to FreeIPA)
Following the advice I got from here:
http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
I dumped old shadow into a csv, then wrote a small bash script to
import all the users:
#!/bin/bash
INPUT=s.csv
IFS=,
kinit admin
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
while read lname pw
do
echo "Importing user $lname"
FIRST=${lname:0:1}
LAST=${lname:1}
ipa user-add $lname --first $FIRST --last $LAST --setattr
userpassword={crypt}"$pw"
done < $INPUT
When I execute this, I get this error for every entry: "ipa: ERROR:
Constraint violation: pre-hashed passwords are not valid"
What have I done wrong?
Did you enable migration mode? The check in the password plugin is
conditioned on allowing pre-hashed passwords only when the migration
mode is on.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid
> -Original Message- > From: Alexander Bokovoy [mailto:aboko...@redhat.com] > > >When I execute this, I get this error for every entry: "ipa: ERROR: > >Constraint violation: pre-hashed passwords are not valid" > > > >What have I done wrong? > Did you enable migration mode? The check in the password plugin is conditioned > on allowing pre-hashed passwords only when the migration mode is on. Well that's embarrassing. It's even right there, on the page I quoted. Didn't even see that paragraph when I was reading it. Thank you L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Importing from shadow: ERROR: Constraint violation: pre-hashed passwords are not valid
Hi,
New install of FreeIPA 4.2.0-15.el7.centos.3 on Centos 7.2.1511 (and I'm very
new to FreeIPA)
Following the advice I got from here:
http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
I dumped old shadow into a csv, then wrote a small bash script to import all
the users:
#!/bin/bash
INPUT=s.csv
IFS=,
kinit admin
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
while read lname pw
do
echo "Importing user $lname"
FIRST=${lname:0:1}
LAST=${lname:1}
ipa user-add $lname --first $FIRST --last $LAST --setattr
userpassword={crypt}"$pw"
done < $INPUT
When I execute this, I get this error for every entry: "ipa: ERROR: Constraint
violation: pre-hashed passwords are not valid"
What have I done wrong?
Cheers
L.
This email (including any attachments or links) may contain
confidential and/or legally privileged information and is
intended only to be read or used by the addressee. If you
are not the intended addressee, any use, distribution,
disclosure or copying of this email is strictly
prohibited.
Confidentiality and legal privilege attached to this email
(including any attachments) are not waived or lost by
reason of its mistaken delivery to you.
If you have received this email in error, please delete it
and notify us immediately by telephone or email. Peter
MacCallum Cancer Centre provides no guarantee that this
transmission is free of virus or that it has not been
intercepted or altered and will not be liable for any delay
in its receipt.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
