[Fedora-directory-users] Windows Syncronization inbound changes problem
Rich Megginson
rmeggins at redhat.com
Thu Jan 10 17:35:37 UTC 2008
Christian A. Rodriguez wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rich Megginson escribió:
>
>> Christian A. Rodriguez wrote:
>>
>>> First of all I have to mention that Windows Users & Groups were
>>> created before Fedora Directory was installed, so when FDS was
>>> installed I started up with replicated windows users in FDS without
>>> passwords being synchronized. Therefore, the scenario is a Windows
>>> tree with users (with passwords) & groups and FDS with users and
>>> groups replicated without their passwords.
>>>
>>> I am trying to define a mechanism to reset every password in both
>>> directories so they begin to work synchronized.
>>>
>>> Doing some tests, I realized that a change made in Windows is
>>> replicated into FDS binding as the users subject of change, so as the
>>> entry doesn't have it's password, the following lines are logged in
>>> FDS access log:
>>>
>>> [08/Jan/2008:15:51:35 -0300] conn=1033 op=0 BIND
>>> dn="uid=USERXXX,OU=People,ou=Active Directory,dc=example,dc=com"
>>> method=128 version=2
>>> [08/Jan/2008:15:51:35 -0300] conn=1033 op=0 RESULT err=49 tag=97
>>> nentries=0 etime=0
>>> [08/Jan/2008:15:51:35 -0300] conn=1033 op=1 UNBIND
>>> [08/Jan/2008:15:51:35 -0300] conn=1033 op=1 fd=80 closed - U1
>>> [08/Jan/2008:15:51:35 -0300] conn=1032 op=2 RESULT err=50 tag=103
>>> nentries=0 etime=0
>>> [08/Jan/2008:15:51:35 -0300] conn=1032 op=3 UNBIND
>>>
>>> I haven't found any documentation about inbound changes, specifically
>>> password change, being done as the same user subject of the change. Is
>>> this true?
>>>
>> Yes. That's how it verifies the new password is valid.
>>
>
> So, how can I do to define a procedure for initializing both
> directories?
I'm not sure what you mean. For passwords, you just need to set/reset
the clear text password on either side, either the AD side or the Fedora
DS side. Assuming you have windows sync and password sync configured
correctly, setting/resetting the clear text password on AD will sync it
to Fedora DS, and vice versa.
> Are there any tips?
>
> Thanks
>
>
>>> Thanks in advance, and sorry for my bad English
>>>
>>>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
>
> - --
> Lic. Christian A. Rodriguez
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHhYjaLiwwyzG4Y1QRAp8YAJ4lJEr2/lFBEDIF5m2Ck6Z8tEd2UQCfVBUu
> xen2FPcuKSep8a3xj5kfQf4=
> =ji/K
> -----END PGP SIGNATURE-----
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080110/8e28df56/attachment.bin>
More information about the Fedora-directory-users
mailing list