fds vs passsync vs AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear list,

I repost original question on my troubles....anybody has any idea on 
why I'm facing such a problem ?

Regards,
Paolo.


>Thanks for reply, but I suspect I'm facing a different problem.
>
>Talking about SSL.
>
>As far as I understand SSL is used both for passync (AD -> FDS) and 
>replication agreement (AD <-> FDS). Note two different tasks.
>
>In first case work cert.db8 certificates. I've installed on both AD 
>and FDS, my CA certificate and FDS server certificate. Passync works 
>without  a hic. When I change pasword from windows it's exactly set 
>on FDS.
>
>Replication agreement is based on cert.db8 on FDS and MS 
>architecture on AD, I mean that I make use of mmc to install CA and 
>AD server signed certificate.
>
>Replication seems also work, since I see that AD and FDS users are 
>"merged" in one (almost) identical list.  So users that were in AD 
>are created on FDS and viceversa, with (almost) all parameters 
>setted.
>
>My problem arise when from a linux machine authenticated on FDS I 
>issue and passwd change password. Really all seems go right, since 
>FDS register new password, and also AD tell me that the change has 
>been committed :
>
>first event
>User Account Changed:
>  	Target Account Name:	barbato
>  	Target Domain:	TEST
>  	Target Account ID:	TEST\barbato
>  	Caller User Name:	sync manager
>  	Caller Domain:	TEST
>  	Caller Logon ID:	(0x0,0x318F76)
>  	Privileges:	-
>  Changed Attributes:
>  	Sam Account Name:	-
>  	Display Name:	-
>  	User Principal Name:	-
>  	Home Directory:	-
>and after a while a second security event:
>
>User Account password set:
>  	Target Account Name:	barbato
>  	Target Domain:	TEST
>  	Target Account ID:	TEST\barbato
>  	Caller User Name:	sync manager
>  	Caller Domain:	TEST
>  	Caller Logon ID:	(0x0,0x318F76)
>
>
>But when I try to log on AD with this new password AD tell me that 
>I'm usinig the wrong one. Note that also the previous doesn't work, 
>and this confirm that it has been really changed.
>
>Anybody has faced this ? Some other things to look into ?
>
>Regards,
>Paolo.




-- 
------------------------------------------------------------------------------------------------
Paolo Barbato               email: mailto:paolo.barbato at igi.cnr.it
Network Administrator   phone: (39-049)-829-5097
                                             (39-049)-829-5000
Corso Stati Uniti,4            www: http://www.igi.cnr.it          
35127 Camin-Padova       PGP: 
http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY                      JabberID: rfx_paolo_barbato at messenger.efda.org   
------------------------------------------------------------------------------------------------
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux