[Fedora-directory-users] fds vs passsync vs AD
Paolo Barbato
paolo.barbato at igi.cnr.it
Mon Oct 1 06:28:12 UTC 2007
Dear list,
I repost original question on my troubles....anybody has any idea on
why I'm facing such a problem ?
Regards,
Paolo.
>Thanks for reply, but I suspect I'm facing a different problem.
>
>Talking about SSL.
>
>As far as I understand SSL is used both for passync (AD -> FDS) and
>replication agreement (AD <-> FDS). Note two different tasks.
>
>In first case work cert.db8 certificates. I've installed on both AD
>and FDS, my CA certificate and FDS server certificate. Passync works
>without a hic. When I change pasword from windows it's exactly set
>on FDS.
>
>Replication agreement is based on cert.db8 on FDS and MS
>architecture on AD, I mean that I make use of mmc to install CA and
>AD server signed certificate.
>
>Replication seems also work, since I see that AD and FDS users are
>"merged" in one (almost) identical list. So users that were in AD
>are created on FDS and viceversa, with (almost) all parameters
>setted.
>
>My problem arise when from a linux machine authenticated on FDS I
>issue and passwd change password. Really all seems go right, since
>FDS register new password, and also AD tell me that the change has
>been committed :
>
>first event
>User Account Changed:
> Target Account Name: barbato
> Target Domain: TEST
> Target Account ID: TEST\barbato
> Caller User Name: sync manager
> Caller Domain: TEST
> Caller Logon ID: (0x0,0x318F76)
> Privileges: -
> Changed Attributes:
> Sam Account Name: -
> Display Name: -
> User Principal Name: -
> Home Directory: -
>and after a while a second security event:
>
>User Account password set:
> Target Account Name: barbato
> Target Domain: TEST
> Target Account ID: TEST\barbato
> Caller User Name: sync manager
> Caller Domain: TEST
> Caller Logon ID: (0x0,0x318F76)
>
>
>But when I try to log on AD with this new password AD tell me that
>I'm usinig the wrong one. Note that also the previous doesn't work,
>and this confirm that it has been really changed.
>
>Anybody has faced this ? Some other things to look into ?
>
>Regards,
>Paolo.
--
------------------------------------------------------------------------------------------------
Paolo Barbato email: mailto:paolo.barbato at igi.cnr.it
Network Administrator phone: (39-049)-829-5097
(39-049)-829-5000
Corso Stati Uniti,4 www: http://www.igi.cnr.it
35127 Camin-Padova PGP:
http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY JabberID: rfx_paolo_barbato at messenger.efda.org
------------------------------------------------------------------------------------------------
More information about the Fedora-directory-users
mailing list