On Thu, 09 Jul 2015, Nicola Canepa wrote:
OK, I'm sorry for the little information provided: I can't do migrate-ds, since I'm not coming from a "DS" (which can only be another LDAP server, I guess). The only thing I can expect is that users will login to one of the applicazions which I put under FreeIPA authentication. So I mixed the "NIS migration" documentation (maintaining passwords) with the "migration mode", hoping it was what I was looking for.
If you did create your users the same way as proposed with NIS migration, then they wouldn't be different from what would have happened with 'ipa migrate-ds'. End result, you have user entries in LDAP with passwords set to their hashes in the previous system and no Kerberos attributes.
Is there a way so that users are created in FreeIPA once they login in this way?
*You* need to create them. http://www.freeipa.org/page/NIS_accounts_migration_preserving_Passwords walks you through that: --->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8--->8
From your export file, import the users into IPA using the admin tools
and set the original hashed password: # ipa user-add [username] --setattr userpassword={crypt}yourencryptedpass ---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--- -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project