[Fedora-directory-users] fds vs passsync vs AD

Paolo Barbato paolo.barbato at igi.cnr.it
Mon Oct 1 06:28:12 UTC 2007


Dear list,

I am reposting my original question about my troubles... does anybody have any
idea why I'm facing such a problem?

Regards,
Paolo.


>Thanks for the reply, but I suspect I'm facing a different problem.
>
>Talking about SSL.
>
>As far as I understand, SSL is used both for PassSync (AD -> FDS) and
>for the replication agreement (AD <-> FDS). Note that these are two
>different tasks.
>
>In the first case the cert.db8 certificates are at work. I've installed
>my CA certificate and the FDS server certificate on both AD and FDS.
>PassSync works without a hiccup. When I change the password from
>Windows, it's set exactly on FDS.
>
>The replication agreement is based on cert.db8 on FDS and on the MS
>architecture on AD; I mean that I make use of mmc to install the CA and
>the AD server signed certificate.
>
>Replication also seems to work, since I see that AD and FDS users are
>"merged" into one (almost) identical list. So users that were in AD
>are created on FDS and vice versa, with (almost) all parameters
>set.
>
>My problem arises when, from a Linux machine authenticated on FDS, I
>issue a passwd password change. Really all seems to go right, since
>FDS registers the new password, and AD also tells me that the change
>has been committed:
>
>first event
>User Account Changed:
>  	Target Account Name:	barbato
>  	Target Domain:	TEST
>  	Target Account ID:	TEST\barbato
>  	Caller User Name:	sync manager
>  	Caller Domain:	TEST
>  	Caller Logon ID:	(0x0,0x318F76)
>  	Privileges:	-
>  Changed Attributes:
>  	Sam Account Name:	-
>  	Display Name:	-
>  	User Principal Name:	-
>  	Home Directory:	-
>and after a while a second security event:
>
>User Account password set:
>  	Target Account Name:	barbato
>  	Target Domain:	TEST
>  	Target Account ID:	TEST\barbato
>  	Caller User Name:	sync manager
>  	Caller Domain:	TEST
>  	Caller Logon ID:	(0x0,0x318F76)
>
>
>But when I try to log on to AD with this new password, AD tells me that
>I'm using the wrong one. Note that the previous one doesn't work either,
>and this confirms that it has really been changed.
>
>Has anybody faced this? Any other things to look into?
>
>Regards,
>Paolo.




-- 
------------------------------------------------------------------------------------------------
Paolo Barbato               email: mailto:paolo.barbato at igi.cnr.it
Network Administrator   phone: (39-049)-829-5097
                                             (39-049)-829-5000
Corso Stati Uniti,4            www: http://www.igi.cnr.it          
35127 Camin-Padova       PGP: 
http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY                      JabberID: rfx_paolo_barbato at messenger.efda.org   
------------------------------------------------------------------------------------------------