Re: fds vs passsync vs AD

[Paolo Barbato <paolo.barbato@xxxxxxxxxx>]

Dear list,

I repost original question on my troubles....anybody has any idea on 
why I'm facing such a problem ?

Regards,
Paolo.


> Thanks for reply, but I suspect I'm facing a different problem.
>
> Talking about SSL.
>
> As far as I understand SSL is used both for passync (AD -> FDS) and 
> replication agreement (AD <-> FDS). Note two different tasks.
>
> In first case work cert.db8 certificates. I've installed on both AD 
> and FDS, my CA certificate and FDS server certificate. Passync works 
> without  a hic. When I change pasword from windows it's exactly set 
> on FDS.
>
> Replication agreement is based on cert.db8 on FDS and MS 
> architecture on AD, I mean that I make use of mmc to install CA and 
> AD server signed certificate.
>
> Replication seems also work, since I see that AD and FDS users are 
> "merged" in one (almost) identical list.  So users that were in AD 
> are created on FDS and viceversa, with (almost) all parameters 
> setted.
>
> My problem arise when from a linux machine authenticated on FDS I 
> issue and passwd change password. Really all seems go right, since 
> FDS register new password, and also AD tell me that the change has 
> been committed :
>
> first event
> User Account Changed:
>  	Target Account Name:	barbato
>  	Target Domain:	TEST
>  	Target Account ID:	TEST\barbato
>  	Caller User Name:	sync manager
>  	Caller Domain:	TEST
>  	Caller Logon ID:	(0x0,0x318F76)
>  	Privileges:	-
>  Changed Attributes:
>  	Sam Account Name:	-
>  	Display Name:	-
>  	User Principal Name:	-
>  	Home Directory:	-
> and after a while a second security event:
>
> User Account password set:
>  	Target Account Name:	barbato
>  	Target Domain:	TEST
>  	Target Account ID:	TEST\barbato
>  	Caller User Name:	sync manager
>  	Caller Domain:	TEST
>  	Caller Logon ID:	(0x0,0x318F76)
>
>
> But when I try to log on AD with this new password AD tell me that 
> I'm usinig the wrong one. Note that also the previous doesn't work, 
> and this confirm that it has been really changed.
>
> Anybody has faced this ? Some other things to look into ?
>
> Regards,
> Paolo.




--
------------------------------------------------------------------------------------------------
Paolo Barbato               email: mailto:paolo.barbato@xxxxxxxxxx
Network Administrator   phone: (39-049)-829-5097
                                            (39-049)-829-5000
Corso Stati Uniti,4            www: http://www.igi.cnr.it          
35127 Camin-Padova       PGP: 
http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY                      JabberID: rfx_paolo_barbato@xxxxxxxxxxxxxxxxxx   
------------------------------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users