fds vs passsync vs AD

Paolo - Maybe your certificates are not set up correctly.  You should have the
same CA certificate in the database in both FDS and AD.  Also, the server 
certs in each database should be issued by the same certificate authority.

It is convenient to use the Certificate Authority included with recent 
Microsoft Windows servers to create a CA certificate to import into both 
databases.  You can then create server certificates using the MSCA and import 
them into their respective databases.

You may also need to import the server certificate from FDS into the database 
on AD and vice-versa.  Once this is done, you should review and possibly 
modify the trust attributes on all the certs.  As you can see from my 
examples, I used a scatter-gun approach. 

You will need to use certutil for all import and modify operations on the 
certificate databases.  "certutil -H" gives a nice reference.

Examples: 

sibelius=FD
boccherini=AD
TWCA=CA

[root at sibelius alias]# ./certutil -L -d . -P slapd-sibelius- 
TWCA                             CT,c,c
boccherini                       P,P,P
server-cert                      CTu,cu,cu

C:\Program Files\RHD Password Sync>certutil -L -d .
TWCA                             CT,C,C
server-cert                      Pu,Pu,Pu
boccherini                       P,P,P

Remember to restart FDS and PassSync after making changes.   -G.


---------- Original Message -----------
From: Paolo Barbato <paolo.barbato at igi.cnr.it>
To: fedora-directory-users at redhat.com
Sent: Thu, 27 Sep 2007 10:06:40 +0200
Subject: fds vs passsync vs AD

> Hi all!
> 
> I've successfully installed fds and passsync msi on windows AD. I 
> admit that some problems have arisen since documentation is a bit poor 
> on SSL part, especially on AD, but then finally I was able to make 
> things work.
> 
> I'm facing an odd problem that I'm not able to understand, but 
> probably already discussed on the list.
> 
> I'm able to take in sync password in AD and FDS when I change 
> password from AD, but not vice versa. Really from Windows event log 
> things seem to go right: it tells me that password has been successfully 
> updated (passwd is issued from linux). But that stored password is 
> somewhat different. Could be an encryption problem? Any hints?
> 
> Regards,
> Paolo.
> -- 
> ------------------------------------------------------------------------------------------------
> Paolo Barbato               email: mailto:paolo.barbato at igi.cnr.it
> Network Administrator   phone: (39-049)-829-5097
>                                              (39-049)-829-5000
> Corso Stati Uniti,4            www: http://www.igi.cnr.it
> 35127 Camin-Padova       PGP: 
> http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
> ITALY                      JabberID: rfx_paolo_barbato at messenger.efda.org
> ------------------------------------------------------------------------------------------------
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------
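
Added example, not part of the original message or of the FDS/PassSync tooling: a small Python parser for `certutil -L` listings that splits each trust triple into its SSL, S/MIME and object-signing fields, so the "review the trust attributes" step can be done per certificate. The function names are hypothetical, the flag meanings follow the NSS certutil documentation, and the sample input is the two listings from the message above.

```python
import re

# Sample input: the two listings copied from the message above.
FDS_LISTING = """\
TWCA                             CT,c,c
boccherini                       P,P,P
server-cert                      CTu,cu,cu
"""
AD_LISTING = """\
TWCA                             CT,C,C
server-cert                      Pu,Pu,Pu
boccherini                       P,P,P
"""

FIELDS = ("ssl", "email", "objsign")   # order of the three trust fields
ROW = re.compile(r"^(\S.*?)\s+([A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")

def parse_listing(text):
    """Map nickname -> {"ssl": set, "email": set, "objsign": set}."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and prompt lines carry no trust triple and are skipped
            certs[m.group(1)] = dict(zip(FIELDS, map(set, m.group(2).split(","))))
    return certs

def ssl_server_cas(certs):
    """Nicknames trusted as a CA for issuing SSL server certs (flag C)."""
    return sorted(n for n, t in certs.items() if "C" in t["ssl"])

def trusted_peers(certs):
    """Nicknames trusted directly as an SSL peer (flag P)."""
    return sorted(n for n, t in certs.items() if "P" in t["ssl"])

def with_private_key(certs):
    """Nicknames whose private key is in this database (flag u)."""
    return sorted(n for n, t in certs.items() if "u" in t["ssl"])

def non_ssl_trust(certs):
    """Trust (P, C or T) granted in the S/MIME or object-signing fields."""
    out = {}
    for n, t in certs.items():
        fields = [f for f in FIELDS[1:] if t[f] & set("PCT")]
        if fields:
            out[n] = fields
    return out

if __name__ == "__main__":
    for name, text in (("FDS", FDS_LISTING), ("AD", AD_LISTING)):
        c = parse_listing(text)
        print(name, ssl_server_cas(c), trusted_peers(c), non_ssl_trust(c))
```

Run on the FDS listing, it reports `server-cert` alongside `TWCA` as a trusted CA for SSL, and on both listings it shows peer trust extending into the S/MIME and object-signing fields; these are the entries to confirm as intended when reviewing the trust attributes.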



