On Thu, 09 Jul 2015, Nicola Canepa wrote:
OK, I'm sorry for the little information provided: I can't do
migrate-ds, since I'm not coming from a "DS" (which can only be
another LDAP server, I guess).
The only thing I can expect is that users will login to one of the
applicazions which I put under FreeIPA authentication.
So I mixed the "NIS migration" documentation (maintaining passwords)
with the "migration mode", hoping it was what I was looking for.
If you did create your users the same way as proposed with NIS
migration, then they wouldn't be different from what would have happened
with 'ipa migrate-ds'. End result, you have user entries in LDAP with
passwords set to their hashes in the previous system and no Kerberos
attributes.
Is there a way so that users are created in FreeIPA once they login in
this way?
*You* need to create them.
http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords
walks you through that:
--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8
From your export file, import the users into IPA using the admin tools
and set the original hashed password:
# ipa user-add [username] --setattr userpassword={crypt}yourencryptedpass
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
