Hello all,
Still on my project to import users from an AD. This works fine ; I can import my users, modify and remove them.
they can connect to the network using their credentials. the only problem I have left is that users can't change their passwords. When importing users from the AD export, paswords are not exported. So, wenn I create the new entries into my COS , I generate a new password. with that, users can login on their MAc computers and connect to the Clearos webconsole to change their password.
but once they are connected to the COS web console, when they are trying to change their password, the have the following error message : password incorrect !
That's very strange because they were able to connect to the web console a few seconds ago with that same password !
I've absolutely no idea what could I do to solve that ... (or maybe another way to allow users to change their password)
If someone has an idea... it's very welcome because my project of importing our students need that to be ready ...
Thanks to all for your help
Still on my project to import users from an AD. This works fine ; I can import my users, modify and remove them.
they can connect to the network using their credentials. the only problem I have left is that users can't change their passwords. When importing users from the AD export, paswords are not exported. So, wenn I create the new entries into my COS , I generate a new password. with that, users can login on their MAc computers and connect to the Clearos webconsole to change their password.
but once they are connected to the COS web console, when they are trying to change their password, the have the following error message : password incorrect !
That's very strange because they were able to connect to the web console a few seconds ago with that same password !
I've absolutely no idea what could I do to solve that ... (or maybe another way to allow users to change their password)
If someone has an idea... it's very welcome because my project of importing our students need that to be ready ...
Thanks to all for your help
Share this post:
Responses (11)
-
Accepted Answer
interesting :
using a Mac computer, I was able to open a session using my login /password and then modify the password. The encryption was, this time, made by the mac computer and is :
userPassword: {SSHA}QXaqoyafUB9dlbQb19HlMcOR2FzsNQdk
but again, I then can connect to the COS webconsole but as soon as I'd like to change my password, COS says that the password I give is not correct. it really seems that clearos saves this password somewhere else with another encryption's type ... -
Accepted Answer
Here's a printscreen between 2 differents account. The one in the console has beencreated throught the normal webconsole and the second one with my import tool :
For the account created with the normal clearos console, I dont know where are stored the seconde values for the same attribute !
Most of encrypted passwords are the same .. but .. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
This time I'm lost : If I create a new user from the admin web console, I've 2 entries for some attributes with different values !
[root@SRV-COS /]# slapcat -n3 | grep 'uid: test1' -B 40 -A 20 | grep Password:
clearSHAPassword: {sha}LvwrJ49A1sW6XzKZuqsYl1KgeYY=
clearSHAPassword: {sha}tESsBmE/yNY3lb6a0L6vVQEZNqw=
clearSHA1Password: 2efc2b278f40d6c5ba5f3299baab189752a07986
clearSHA1Password: b444ac06613fc8d63795be9ad0beaf55011936ac
clearMicrosoftNTPassword: 858DF190ACA5EE0080D5C2331FFE69AB
clearMicrosoftNTPassword: AACD12D27C87CAC8FC0B8538AED6F058
sambaNTPassword: 858DF190ACA5EE0080D5C2331FFE69AB
userPassword:: ZTNOb1lYMU1kbmR5U2pRNVFURnpWelpZZWt0YWRYRnpXV3d4UzJkbFdWazk=
userPassword:: e3NoYX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9
If I open my ldap using a web tool, I can see the values in bold... really strange -
Accepted Answer
You're right, I can't create the clearSHA1Password with the correct encryption but it doesn't seems it is used in the user password.
When I create a new user from the COS Webconsoke with the password 'test1' I get the following entry in my ldapadmin webtool : (cf joined picture)
userPassword: {sha}tESsBmE/yNY3lb6a0L6vVQEZNqw=
But when asking with your commande, it's completely different :
root@SRV-COS /]# slapcat -n3 | grep 'uid: test1' -B 40 -A 20 | grep Password:
userPassword:: e3NoYX1MdndySjQ5QTFzVzZYektadXFzWWwxS2dlWVk9
I dont understand this difference but my problem could come from there. Now, I need to find which kind of encryption it is. I can create som encryption from my importing tools but not all :
I've the following options to create my passwords : :
static string HASH_MD5
static String HASH_SHA1
static String HASH_SHA256
static String HASH_SHA512
and those others :
computeSambaLMPassword(String password) : Encrypt a password for samba, LMPassword version.
static String computeSambaNTPassword(String password) : Encrypt a password for samba, NTPassword version.
static String encrypt(String value)
thanks very much fo your help -
Accepted Answer
You don't seem to be updating the clearSHA1Password field. You can work it out from places like http://www.sha1-online.com/ or, from the command line:
I've no idea what the clearSHAPassword is but you seem you have cracked that one. I am not sure about your userPassword as mine does not claim to be a hashed entry:echo -n YOUR_TEXT | sha1sum | awk '{print $1}'
and:slapcat -n3 | grep 'uid: test1' -B 40 -A 20 | grep Password:
userPassword:: e3NoYX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9
clearSHAPassword: {sha}tESsBmE/yNY3lb6a0L6vVQEZNqw=
clearSHA1Password: b444ac06613fc8d63795be9ad0beaf55011936ac
clearMicrosoftNTPassword: AACD12D27C87CAC8FC0B8538AED6F058
sambaNTPassword: AACD12D27C87CAC8FC0B8538AED6F058
This is for a user "test1" and password "test1"echo -n test1 | sha1sum | awk '{print $1}'
b444ac06613fc8d63795be9ad0beaf55011936ac -
Accepted Answer
Hello Nick,
thanks for your answer. So I deleted my user and lauch my import tool again. then, I tried to flush the caches without any success.
Maybe I can ask ClearOS team and offer to solve my problem... because if imported users can't change their password, my entire project will be abandoned
What is reallay strange .. when I try to modify the user password with the ldap admin tool, I can do it but I get the same error when trying to modify it .. I think there's really somehting else than the ldap where the password are stored ..
Anyway thank for your help -
Accepted Answer
Have you tried flushing the caches after an import? I think it is:
I don't know what the netgroup cache is but it exists.nscd -i passwd
nscd -i group
nscd -i netgroup
p.s. Gold only really gives you help with features available through the webconfig. Platinum gives you a bit more with file tweaking of existing apps. I think you are looking for full development help. -
Accepted Answer
Hello all,
I'm really
I created the same user, once using the webconsole admin and once using my tool. Except one value (clearSH1Password), both entries have the same values (I joined the file).
I made many tests and it seems that this is the attribute "userPassword" that should do the trick. As you can see every userPassword are the same so I dont understand why, when trying to modify my password after a successfull login, I always get the answer 'Invalid password' for my existing password. Then encryption is the same !
to go futher in my project and by the business licence, I need to solve that problem. Maybe bying the business licence could solve that ?
Any idea is very welcome because I really need to solve that as soon as possible ...
Thanks to all from your help
kind regards -
Accepted Answer
Hello all,
I'm really
I created the same user, once using the webconsole admin and once using my tool. Except one value (clearSH1Password), both entries have the same values (I joined the file).
I made many tests and it seems that this is the attribute "userPassword" that should do the trick. As you can see every userPassword are the same so I dont understand why, when trying to modify my password after a successfull login, I always get the answer 'Invalid password' for my existing password. Then encryption is the same !
to go futher in my project and by the business licence, I need to solve that problem. Maybe bying the business licence could solve that ?
Any idea is very welcome because I really need to solve that as soon as possible ...
Thanks to all from your help
kind regards
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »