gam create/update user command marks password as "Set by User" instead of "Set by Admin"

[Azadi Saryev]

Can anyone confirm this: 

When creating/updating a user via GAM, the created password in GApps Control Panel is flagged as "Set by user" instead of "Set by admin".

As a consequence, it seems the password is not accepted when user tries to log in for the first time - I have to go into Control Panel and change the password there, after which the user can log in successfully.

This is on a EDU domain, if that makes a difference, GAM version 1.9.1

Thanks,

Azadi

[Jay Lee]

Hi Azadi,

  I have not seen this issue in creating users and changing passwords.

  Can you share exactly how the user is being created (GAM command or steps in the CPanel) as well as the command used to change the users password?

Jay

[Azadi Saryev]

Hi Jay

Thanks for your reply.

It is just a regular

$ gam create user testuser.one firstname testuser lastname one password XXXXXXX changepassword

(note: gam is an alias)

The screen shot of result in Google Apps control panel is attached - not "Set by user" in Password section.

Same thing happens with update command

$ gam update user testuser.one password ZZZZZZZ changepassword on

The result is new user can't log in with the password I set using GAM - I have to log in to GApps control panel and re-set the password there. It shows up as "Set by admin" then, and user can log in.

I am on OS X 10.6.8, controlling an EDU domain, if that matters.

Thanks for looking into this. Cheers,

Azadi

PS: now that Google has Google Apps Groups Settings API, are you planning on incorporating it into GAM? 

[Azadi Saryev]

Wow. 2.0 is out! Nice job, Jay! I guess that answers my question re including Google Groups Settings API :)

[Azadi Saryev]

The problem persists in v 2.0 as well...

[Jay Lee]

Hi Azadi,

  I tried to replicate your issue but was unable to. I ran:

gam create user testuser.one firstname testuser lastname one password XXXXXXXXX changepassword

I was then immediately able to login as the test user / temp password. After completing the Captcha I was prompted to change my password.

A few questions for you:

• Are you using a reasonably strong password for your temp password at account creation time? The minimum length for all Google passwords is now 8 characters and you might have raised it in the Google Apps console. Does it meet those length requirements? I also suggest using upper/lowercase and non-letter characters.
• Is your domain using Single Sign-On (SSO)?
• After creating the accounts are you first attempting login via the Google Apps web login page or something else (IMAP, POP, Google Talk, etc)? You must login to an account via the web login and accept the ToS before the password will work for other services.

Hope this helps.

Jay

[Azadi Saryev]

Hi Jay

• Are you using a reasonably strong password for your temp password at account creation time? The minimum length for all Google passwords is now 8 characters and you might have raised it in the Google Apps console. Does it meet those length requirements? I also suggest using upper/lowercase and non-letter characters.

The password is at least 8 chars long and, when entered directly in GApps Control Panel is reported as "Very Strong"

• Is your domain using Single Sign-On (SSO)?

No, we do not use SSO. 

• After creating the accounts are you first attempting login via the Google Apps web login page or something else (IMAP, POP, Google Talk, etc)? You must login to an account via the web login and accept the ToS before the password will work for other services.

Web login, of course. The password is always rejected. I even tried waiting for 24 hours before trying to log in for the first time, thinking maybe G needed some time to 'process' the account created via GAM, but same result.

I do have 2 versions of GAM installed, both using same admin account details and - but it seems odd that that would cause a problem with user passwords...

If you have any other thoughts, or any GAM commands you want me to try - just let me know.

Azadi

[Jay Lee]

Are there any special or unusual characters in the password?

Jay

--
You received this message because you are subscribed to the "Google Apps Manager" group.
To post to this group, send email to
google-ap...@googlegroups.com
To unsubscribe from this group, send email to
google-apps-man...@googlegroups.com
For more options, visit this group at
https://groups.google.com/forum/#!forum/google-apps-manager

[Azadi Saryev]

Jay - I think you hit it on the head! I had a $ in the passwords. As soon as I removed it I could log in as new user. The note in Control Panel still says "Set by user" instead of "Set by admin", but at least I can log in.

Do you know if the $ in password has to do with GAM or Google Apps? Are there any other characters that should be avoided?

Thanks so much for your help!

Azadi

[Bri Hatch]

Just about Fri, Nov 11, 2011 at 9:26 AM, Azadi Saryev
<azadi....@gmail.com> mumbled:

> Jay - I think you hit it on the head! I had a $ in the passwords.

You probably failed to properly escape it. On unix shells "$" starts
a variable, e.g.

$ target="World"
$ echo Hello $target
Hello World

$ echo "Hello $target"
Hello World

$ echo 'Hello $target'
Hello $target

$ echo Hello \$target
Hello $target

> Are there any other characters that should be avoided?

In bash you'd want to escape at least ! ' and " or avoid them.

--
Bri Hatch, Systems and Security Engineer. http://www.ifokr.org/bri/

"UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things."

[Azadi Saryev]

Hi Bri

In my case the $ character was in the middle of the password... Thinking back to it I should have definitely not used $ at all, but the passwords are not created by me...

And it is definitely a terminal/shell issue because setting a password with $ in it in GApps control panel works just fine.

Appreciate your input, thanks!

Azadi

[Matt Paddock]

I was able to get around this by just including single quotes in the script that created the user. The use of a bang in ours was causing the problem, so 'password' worked when password (no quotes) failed to work.

___________________________________________________________________________

Matt Paddock | Dominion Enterprises
150 Granby Street | Norfolk, VA 23510

757.351.8109 | matt.p...@dominionenterprises.com

 

.: Click to submit a trouble ticket with the DE Help Desk :.

--