Differences
This shows you the differences between two versions of the page.
linux_wiki:freeipa_audit_user_migration [2018/06/02 23:28] billdozor [FreeIPA Audit User Migration] |
linux_wiki:freeipa_audit_user_migration [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== FreeIPA Audit User Migration ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Audit which user accounts remain to migrate passwords and get kerberos hashed keys in the IPA domain. | ||
- | |||
- | **Checklist** | ||
- | * FreeIPA servers already installed/ | ||
- | * Client systems migrated | ||
- | * Now just monitoring user accounts getting their kerberos hashed password keys in the new FreeIPA domain. | ||
- | |||
- | ---- | ||
- | |||
- | ====== The Script ====== | ||
- | |||
- | Run on an IPA server to determine which accounts still need kerberos keys. | ||
- | |||
- | <code bash audit-migration-users.sh> | ||
- | #!/bin/bash | ||
- | # Name: audit-migration-users.sh | ||
- | # Description: | ||
- | # passwords and get kerberos keys | ||
- | # Last Updated: 2016-11-25 | ||
- | # Recent Changes: | ||
- | ################################################################ | ||
- | |||
- | echo -e "This script will determine which users are left to enter their password for a kerberos key." | ||
- | echo -e " | ||
- | read run_script | ||
- | |||
- | if [[ ${run_script} != " | ||
- | echo -e " | ||
- | exit 1 | ||
- | fi | ||
- | |||
- | # Log file to store hosts left to migrate | ||
- | log_file="/ | ||
- | |||
- | # Clear log file | ||
- | echo -e " | ||
- | cat /dev/null > ${log_file} | ||
- | |||
- | # Build a list of enabled accounts | ||
- | #- Find all users | grep logins and disabled status lines | | ||
- | #- If the current line matches " | ||
- | #- next, store the current line's field 3 in the variable USER (USER=$3) | ||
- | user_list=$(/ | ||
- | |||
- | total_users=$(echo ${user_list} | wc -w) | ||
- | |||
- | for user_name in ${user_list}; | ||
- | |||
- | echo -e ">> | ||
- | # Check to see if the user has a kerberos key | ||
- | kerberos_key=" | ||
- | |||
- | # If False, add to the list of users that still need to migrate their password | ||
- | if [[ ${kerberos_key} == " | ||
- | echo -e " | ||
- | echo ${user_name} >> ${log_file} | ||
- | fi | ||
- | |||
- | done | ||
- | |||
- | left_to_convert=" | ||
- | echo -e " | ||
- | echo -e ">> | ||
- | echo -e ">> | ||
- | </ | ||
- | |||
- | ---- | ||
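Review bot: this revision deletes the whole page, script included, and the 2019/05/25 side shows no replacement text or pointer to where the procedure went. If audit-migration-users.sh is still needed while accounts are migrating, keep it documented somewhere or leave a one-line note here saying what supersedes it. If the script is carried over, quote the expansions in `cat /dev/null > ${log_file}`, `echo ${user_name} >> ${log_file}` and `echo ${user_list} | wc -w`, and fix the comment "Log file to store hosts left to migrate", since the loop writes user names, not hosts. That file ends up as a list of accounts that do not yet have Kerberos keys, so create it readable only by the admin running the audit.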