Re: [Freeipa-users] Questions about commande ipa user-add used to import NIS accounts

2014-11-18 Thread Rob Crittenden 
Edouard Guigné wrote:
> Hello Rob,
> 
> I looked for more informations about error message, and I found that :
> http://comments.gmane.org/gmane.linux.redhat.freeipa.user/11952
> 
> So I change cn=config :
> 
> ldapmodify -x -D "cn=directory manager" -w password
> dn: cn=config
> changetype: modify
> replace: nsslapd-allow-hashed-passwords
> *nsslapd-allow-hashed-passwords: on*
> 
> Then try again :
> 
> # ipa user-add user1 --last="User1" --first="myuser1" --setattr 
> userpassword="{CRYPT}"
> ---
> Utilisateur "user1" ajouté
> ---
>   Identifiant de connexion: user1 
>   Prénom: myuser1
>   Nom: User1
>   Nom complet: myuser1 User1
>   Nom affiché: myuser1 User1
>   Initiales: MU
>   Répertoire utilisateur: /home/user1
>   GECOS: myuser1 User1
>   Shell de connexion: /bin/sh
>   Principal Kerberos: us...@lmsipa.polytechnique.fr
>   Adresse courriel: us...@lmscipa1.lmsipa.polytechnique.fr
>   UID: 159445
>   GID: 159445
>   Mot de passe: True
>   Membre des groupes: ipausers
>   Clés Kerberos disponibles: False
> 
> Ok, seems to be good... however, if I try kinit :
> 
> # kinit user1
> *kinit: Generic preauthentication failure while getting initial credentials*
> 
> It still does not work.

The Kerberos credentials haven't been generated yet.

You need to migrate the account either by logging into a system
controlled by sssd or go to https://ipa.example.com/ipa/migration/

rob

> 
> Ed
> 
> Le 17/11/2014 19:25, Rob Crittenden a écrit :
>> Edouard Guigné wrote:
>>> Hello freeipa users
>>>
>>> I followed the instructions of this page :
>>> http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
>>>
>>> in order to integrate NIS accounts over IPA with preserving passwords.
>>>
>>> However, I do not succeed to import user as indicate on documentation :
>>>
>>> # ipa user-add /user1/--setattr=userpassword={CRYPT}//
>>> return :
>>> *"ipa: ERROR: Constraint violation : invalid password syntax - passwords
>>> with storage scheme are not allowed"*
>>>
>>> Someone could help ?
>> You enabled migration mode?
>>
>> ipa config-mod --enable-migration=true
>>
>> If you have, what version of IPA is this?
>>
>> rob
>>
>>
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Questions about commande ipa user-add used to import NIS accounts

2014-11-17 Thread Rob Crittenden 
Edouard Guigné wrote:
> Hello freeipa users
> 
> I followed the instructions of this page :
> http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
> 
> in order to integrate NIS accounts over IPA with preserving passwords.
> 
> However, I do not succeed to import user as indicate on documentation :
> 
> # ipa user-add /user1/--setattr=userpassword={CRYPT}//
> return :
> *"ipa: ERROR: Constraint violation : invalid password syntax - passwords
> with storage scheme are not allowed"*
> 
> Someone could help ?

You enabled migration mode?

ipa config-mod --enable-migration=true

If you have, what version of IPA is this?

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

[Freeipa-users] Questions about commande ipa user-add used to import NIS accounts

2014-11-17 Thread Edouard Guigné 

Hello freeipa users

I followed the instructions of this page :
http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords

in order to integrate NIS accounts over IPA with preserving passwords.

However, I do not succeed to import user as indicate on documentation :

# ipa user-add /user1/--setattr=userpassword={CRYPT}//
return :
*"ipa: ERROR: Constraint violation : invalid password syntax - passwords 
with storage scheme are not allowed"*


Someone could help ?

Ed
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project