[Fedora-directory-users] fds vs passsync vs AD
Glenn
glenn at mail.txwes.edu
Mon Oct 1 13:34:59 UTC 2007
Paolo - Have you compared password complexity rules between AD and FD? They
should be the same. -Glenn.
---------- Original Message -----------
From: Paolo Barbato <paolo.barbato at igi.cnr.it>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users at redhat.com>
Sent: Mon, 1 Oct 2007 08:28:12 +0200
Subject: Re: [Fedora-directory-users] fds vs passsync vs AD
> Dear list,
>
> I repost original question on my troubles....anybody has any idea on
> why I'm facing such a problem ?
>
> Regards,
> Paolo.
>
> >Thanks for reply, but I suspect I'm facing a different problem.
> >
> >Talking about SSL.
> >
> >As far as I understand SSL is used both for passync (AD -> FDS) and
> >replication agreement (AD <-> FDS). Note two different tasks.
> >
> >In first case work cert.db8 certificates. I've installed on both AD
> >and FDS, my CA certificate and FDS server certificate. Passync works
> >without a hic. When I change pasword from windows it's exactly set
> >on FDS.
> >
> >Replication agreement is based on cert.db8 on FDS and MS
> >architecture on AD, I mean that I make use of mmc to install CA and
> >AD server signed certificate.
> >
> >Replication seems also work, since I see that AD and FDS users are
> >"merged" in one (almost) identical list. So users that were in AD
> >are created on FDS and viceversa, with (almost) all parameters
> >setted.
> >
> >My problem arise when from a linux machine authenticated on FDS I
> >issue and passwd change password. Really all seems go right, since
> >FDS register new password, and also AD tell me that the change has
> >been committed :
> >
> >first event
> >User Account Changed:
> > Target Account Name: barbato
> > Target Domain: TEST
> > Target Account ID: TEST\barbato
> > Caller User Name: sync manager
> > Caller Domain: TEST
> > Caller Logon ID: (0x0,0x318F76)
> > Privileges: -
> > Changed Attributes:
> > Sam Account Name: -
> > Display Name: -
> > User Principal Name: -
> > Home Directory: -
> >and after a while a second security event:
> >
> >User Account password set:
> > Target Account Name: barbato
> > Target Domain: TEST
> > Target Account ID: TEST\barbato
> > Caller User Name: sync manager
> > Caller Domain: TEST
> > Caller Logon ID: (0x0,0x318F76)
> >
> >
> >But when I try to log on AD with this new password AD tell me that
> >I'm usinig the wrong one. Note that also the previous doesn't work,
> >and this confirm that it has been really changed.
> >
> >Anybody has faced this ? Some other things to look into ?
> >
> >Regards,
> >Paolo.
>
> --
> ----------------------------------------------------------------------------
--------------------
> Paolo Barbato email: mailto:paolo.barbato at igi.cnr.it
> Network Administrator phone: (39-049)-829-5097
> (39-049)-829-5000
> Corso Stati Uniti,4 www: http://www.igi.cnr.it
> 35127 Camin-Padova PGP:
> http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
> ITALY JabberID:
> rfx_paolo_barbato at messenger.efda.org
> ----------------------------------------------------------------------------
--------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------
More information about the Fedora-directory-users
mailing list