AD sync

Hi,


The SSL connection now works, but I can replicate users from Directory
server to AD only (passwords and everything else, and the users are valid).
Replication from AD to DS works, but without replicating passwords. I use
Windows 2003. In the event log I see this message when I start passync.exe:

The description for Event ID (105) in Source (Password Synchronization
Service) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. ....

Is this normal?

I tried capturing traffic with Ethereal, but when I change a password there is
no traffic from AD to DS. It seems that the DLL hook is not working.

The password complexity is enabled.

Regards
Darjo






-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich
Megginson
Sent: Wednesday, October 19, 2005 3:52 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: AD sync

Short answer: You are using an invalid SSL certificate.

Longer answer: SSL server certificates must be capable of key exchange.
The cert you are using may be a signing-only certificate.  This would make
it a perfectly good cert for client authentication. It would also make it an
acceptable certificate for DHE_ type Diffie-Hellman server operations. It
does not work for RSA SSL server operations. You need to either 1) not use the
key usage extension, or 2) specify Key Encipherment (or Key Exchange).  The
problem is that the MSADCA by default issues these types of certificates,
presumably because all of the MS clients are configured to "just work" with
them.

Darjo Gregoric wrote:

>Hi,
>
>I have a problem with AD sync.  I have established synchronization
>without SSL and it works fine, but when I use SSL, the connection is not
>established and I receive an error:
>
>Simple bind failed, LDAP sdk error 81 (Can't contact LDAP server),
>Netscape Portable Runtime error -8179 (Peer's Certificate issuer is not
>recognized.)
>
>AD machine name is suzy.
>
>I have exported the CA and imported it on the Directory server.
>
>certutil -L -d . gives:
>
>CA certificate                                               CTu,u,u
>suzy                                                         CT,,
>Server-Cert                                                  u,u,u
>
>Did I miss something?
>
>Is there any HOW TO for this type of configuration?
>
>Regards
>Darjo
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>

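Rich's point above (a signing-only server certificate is fine for client
authentication and for DHE_ ciphersuites, but not for RSA key exchange, unless
the keyUsage extension is omitted entirely) can be checked mechanically from
the certificate's keyUsage bits. The script below is an added example written
for this archive page; it is not code from the thread or from the Fedora
Directory Server project. It decodes a DER-encoded KeyUsage BIT STRING by hand
(so it runs without OpenSSL or NSS) and maps the flags to the TLS roles the
certificate can serve. The two DER samples are constructed inline, not taken
from Darjo's certificates; the role table follows RFC 5280 keyUsage semantics
and the TLS behaviour Rich describes.

```python
"""Decide which TLS roles an X.509 certificate can serve from its keyUsage bits.

Added example for the AD sync thread (not the project's own code). The DER
samples are constructed; the role mapping follows RFC 5280 keyUsage semantics:
RSA key exchange needs keyEncipherment (or no keyUsage extension at all),
DHE_ server operation and client authentication only need digitalSignature.
"""

# RFC 5280 KeyUsage bit positions. Bit 0 is the most significant bit of the
# first content octet of the BIT STRING.
KEY_USAGE_BITS = {
    0: "digitalSignature",
    1: "nonRepudiation",
    2: "keyEncipherment",
    3: "dataEncipherment",
    4: "keyAgreement",
    5: "keyCertSign",
    6: "cRLSign",
    7: "encipherOnly",
    8: "decipherOnly",
}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER-encoded KeyUsage BIT STRING (tag 0x03) into flag names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    # A KeyUsage value is at most 2 content octets, so short-form length only.
    if length & 0x80 or len(der) != 2 + length:
        raise ValueError("unsupported or truncated length")
    unused = der[2]          # number of unused trailing bits in the last octet
    content = der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("invalid unused-bits octet")
    total_bits = len(content) * 8 - unused
    flags = set()
    for bit in range(min(total_bits, len(KEY_USAGE_BITS))):
        byte, offset = divmod(bit, 8)
        if content[byte] & (0x80 >> offset):
            flags.add(KEY_USAGE_BITS[bit])
    return flags


def tls_roles(key_usage) -> dict:
    """Map keyUsage flags (None = extension absent) to the TLS roles allowed.

    An absent keyUsage extension places no restriction, so every role is
    allowed; that is Rich's option 1) above.
    """
    if key_usage is None:
        return {"rsa_server": True, "dhe_server": True, "client_auth": True}
    return {
        # RSA key exchange: the client encrypts the premaster secret to the
        # server's public key, so the cert must permit keyEncipherment.
        "rsa_server": "keyEncipherment" in key_usage,
        # DHE_ suites: the server only signs its ephemeral DH parameters.
        "dhe_server": "digitalSignature" in key_usage,
        # Client auth: the client signs the CertificateVerify message.
        "client_auth": "digitalSignature" in key_usage,
    }


# Constructed sample values (not taken from the thread):
#   03 02 07 80 -> BIT STRING, 2 octets, 7 unused bits, digitalSignature only
#   03 02 05 a0 -> BIT STRING, 2 octets, 5 unused bits, digitalSignature
#                  + keyEncipherment
SIGNING_ONLY_KU = bytes.fromhex("03020780")
SERVER_KU = bytes.fromhex("030205a0")

if __name__ == "__main__":
    for label, der in (("signing-only", SIGNING_ONLY_KU), ("server", SERVER_KU)):
        flags = decode_key_usage(der)
        print(label, sorted(flags), tls_roles(flags))
```

To feed it a real certificate, dump the extension with `openssl x509 -in
cert.pem -noout -text` and compare the "X509v3 Key Usage" line against the
flag names above; a server cert for RSA ciphersuites must list Key
Encipherment, or the keyUsage extension must be absent.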



