Platform is a fully-updated CentOS 7 instance. I have installed ipa-server-4.6.8-5.el7.centos.9.x86_64 and all the dependent packages.
The RedHat documentation tells you to use a script that sets all passwords to the same fixed string, however, I would like to use the hashed passwords from my NIS instance. The NIS server passwrod policy is set to "sha512". I have set: ipa config-mod --enable-migration=true It appears that the RedHat build does not allow encrypted passwords with "ipa user-mod", but I am trying to set the password with "ipa user-add". However, whenever I do this, attempting to test the login results in: kinit: Pre-authentication failed: Invalid argument while getting initial credentials ipa user-add blahblah --first=NIS --last=USER --setattr 'userpassword={sha512}$6$WZktVggI$Rsmo.M31dUfgalp5e39a47FwjfdM5UA9UT1dwvKjrLJZVjh7SxG0g2SuDYOZmFM9mdGeTIz8KZpZukKouNQR1/' --uid=4444 --gid=444 --gecos='Blah' --homedir=/home/blah --shell=/bin/bash --------------------- Added user "blahblah" --------------------- User login: blahblah First name: NIS Last name: USER Full name: NIS USER Display name: NIS USER Initials: NU Home directory: /home/blah GECOS: Blah Login shell: /bin/bash Principal name: blahb...@sj.bps Principal alias: blahb...@sj.bps Email address: blahb...@sj.bps UID: 4444 GID: 444 Password: True Member of groups: ipausers Kerberos keys available: False [root@ipa1 ~]# kinit blahblah kinit: Pre-authentication failed: Invalid argument while getting initial credentials It doesn't seem to matter what I specify for "{crypt}": md5 or sha512, I get the same message. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure