[Freeipa-users] Re: Modify user password by accepting hash as input

Alfred Victor via FreeIPA-users wrote: > > From:  > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/migrating_from_a_directory_server_to_ipa > > *"Users cannot authenticate to the IdM domain or access IdM

[Freeipa-users] Re: Modify user password by accepting hash as input

(besides add the passSyncManagersDNs attribute of course!) Andy On Thu, Feb 4, 2021 at 1:13 PM Alfred Victor wrote: > > From: >

[Freeipa-users] Re: Modify user password by accepting hash as input

From: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/migrating_from_a_directory_server_to_ipa *"Users cannot authenticate to the IdM domain or access IdM resources until they have Kerberos hashes."* To be sure I

[Freeipa-users] Re: Trust external IPA?

Ian Pilcher via FreeIPA-users wrote: > At work, I manage a small lab that is used by my team (< 10 people). > All lab users are currently managed in the lab FreeIPA, but we all use > it extensively, so creating separate credentials for the lab isn't > overly burdensome. > > We're now expanding

[Freeipa-users] Re: Modify user password by accepting hash as input

Alfred Victor via FreeIPA-users wrote: > Hi Rob and IPA list - > > The alternative is if it is possible to use the sssd method similar to > as described in 39.1.2.3 at the below link to update credentials at IPA > as well when a user resets their password, but I expect that if this is > possible

[Freeipa-users] Trust external IPA?

At work, I manage a small lab that is used by my team (< 10 people). All lab users are currently managed in the lab FreeIPA, but we all use it extensively, so creating separate credentials for the lab isn't overly burdensome. We're now expanding the lab, and the number of users who may need

[Freeipa-users] Re: migrating NIS passwords to FreeIPA in Fedora 33 with {CRYPT} and RH sample nis-users.sh script

Hi, Robert Kudyba via FreeIPA-users writes: > Yes and I found a fix. All that is needed is to surround the echo command > with double quotes at the top of the script where username is set: > username="$(echo $line | cut -f1 -d:)" For some of these errors using shellcheck might help. Not

[Freeipa-users] Re: migrating NIS passwords to FreeIPA in Fedora 33 with {CRYPT} and RH sample nis-users.sh script

On Thu, Feb 4, 2021 at 11:47 AM Rob Crittenden wrote: > Robert Kudyba wrote: > > > > > Now any idea why the original '$gecos' inserts the actual string > > $gecos > > > into FreeIPA/LDAP? > > > > It's a shell issue, single quotes prevents any argument expansion, > use > >

[Freeipa-users] Re: Modify user password by accepting hash as input

Hi Rob and IPA list - The alternative is if it is possible to use the sssd method similar to as described in 39.1.2.3 at the below link to update credentials at IPA as well when a user resets their password, but I expect that if this is possible to do with both systems in parallel (OpenLDAP

[Freeipa-users] Re: migrating NIS passwords to FreeIPA in Fedora 33 with {CRYPT} and RH sample nis-users.sh script

Robert Kudyba wrote: > > > Now any idea why the original  '$gecos' inserts the actual string  > $gecos > > into FreeIPA/LDAP? > > It's a shell issue, single quotes prevents any argument expansion, use > double quotes. > > > Sure but using just double quotes $gecos is still

[Freeipa-users] Re: migrating NIS passwords to FreeIPA in Fedora 33 with {CRYPT} and RH sample nis-users.sh script

> > > > Now any idea why the original '$gecos' inserts the actual string $gecos > > into FreeIPA/LDAP? > > It's a shell issue, single quotes prevents any argument expansion, use > double quotes. > Sure but using just double quotes $gecos is still added to the FreeIPA record. I can at least