[Freeipa-users] Windows Password Synchronization Error
Bennet Lingner
b.lingner at zik.hs-anhalt.de
Thu Mar 15 09:59:55 UTC 2012
Something more:
On FreeIPA side there are built these errors too:
[15/Mar/2012:10:02:02 +0100] encrypt_encode_key - [file ipapwd_encoding.c,
line 451]: krb5_c_string_to_key failed [Invalid argument]
[15/Mar/2012:10:02:02 +0100] ipapwd_gen_hashes - [file ipapwd_encoding.c,
line 776]: key encryption/encoding failed
Von: Bennet Lingner [mailto:b.lingner at zik.hs-anhalt.de]
Gesendet: Donnerstag, 15. März 2012 10:34
An: 'freeipa-users at redhat.com'
Betreff: AW: Windows Password Synchronization Error
Hi,
Thank you for your reply.
Version of freeipa and 389 packages:
Freeipa server, python, admintools, client, server-selinux all in
2.1.4-5.fc16.i686
389-ds-base-1.2.10.3-1.fc16.i686 + libs
Platform is Fedora 16 3.2.9-2.fc16.i686.PAE on AMD Opteron CPU
Ldapmodify and ipa passwd are working perfectly, Ive changed password in
this ways and passwords were synchronized.
So I conclude the problem is specific to AD Passsync?
If it is so, do I have the possibility on AD side too to set or try
something?
Best regards.
Bennet Lingner
Von: Rich Megginson [mailto:rmeggins at redhat.com]
Gesendet: Mittwoch, 14. März 2012 16:31
An: Bennet Lingner
Betreff: Re: Windows Password Synchronization Error
On 03/14/2012 06:29 AM, Bennet Lingner wrote:
Dear Mr. Megginson,
Ive seen in www, that you are very involved in 389 directory server, thats
why I decided to send this mail to you.
I hope you can help me.
Im running a WIN2K8 R2 64 bit and a fedora Linux 32 bit with freeipa.
In the future, please use the freeipa-users at redhat.com email list. Please
also include the versions of your freeipa and 389 packages:
rpm -qa|grep freeipa
rpm -qa|grep 389
There is a win sync agreement, which works very well, even the passwords are
synchronized.
The only problem is that:
If I set a new password on windows side with more than 2 special characters,
e.g. !Mäusel 10 or !Rüdiger 20
Then I get the passsync error:
03/14/12 12:26:13: Ldap error in ModifyPassword
1: Operations error
03/14/12 12:26:13: Modify Password failed for remote entry: uid=
03/14/12 12:26:13: Deferring password change for
Do you have any idea, if that could be or something else, what can I do?
What is your 389-ds-base version and platform?
Can you use ldapmodify to change the user password to one of the above
values? Can you use ipa-passwd? That is, is the problem specific to AD
PassSync, or is it a problem with these types of passwords in general?
Best regards.
Mit freundlichen Grüßen
Bennet Lingner
Hochschule Anhalt - ZIK
b.lingner at zik.hs-anhalt.de
Tel. +49 (0) 3496 67-5420
Fax +49 (0) 3496 67-95420
Bernburger Straße 55
06366 Köthen (Anhalt)
Hochschule Anhalt (FH) * Bernburger Straße 55 * D 06366 Köthen
Präsident Prof. Dr. Dr. h.c. Dieter Orzessek * Tel.: +49 (0) 3496 67 1000 *
Fax +49 (0) 3496 67 1099
Betriebsnummer 030 77 111 * Umsatzsteuernummer DE 8140 92 585
Zuständige Aufsichtsbehörde Kultusministerium des Landes Sachsen-Anhalt, PF
3765, 39012 Magdeburg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120315/0136c92b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5748 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120315/0136c92b/attachment.p7s>
More information about the Freeipa-users
mailing list