Paolo - Have you compared password complexity rules between AD and FD? They should be the same.

-Glenn.

---------- Original Message -----------
From: Paolo Barbato <paolo.barbato@xxxxxxxxxx>
To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@xxxxxxxxxx>
Sent: Mon, 1 Oct 2007 08:28:12 +0200
Subject: Re: fds vs passsync vs AD

> Dear list,
>
> I repost the original question on my troubles... does anybody have any
> idea why I'm facing such a problem?
>
> Regards,
> Paolo.
>
> > Thanks for the reply, but I suspect I'm facing a different problem.
> >
> > Talking about SSL.
> >
> > As far as I understand, SSL is used both for PassSync (AD -> FDS) and
> > the replication agreement (AD <-> FDS). Note: two different tasks.
> >
> > In the first case cert.db8 certificates are used. I've installed my CA
> > certificate and the FDS server certificate on both AD and FDS.
> > PassSync works without a hiccup. When I change the password from
> > Windows it's set exactly on FDS.
> >
> > The replication agreement is based on cert.db8 on FDS and the MS
> > architecture on AD; I mean that I make use of mmc to install the CA
> > and the AD server signed certificate.
> >
> > Replication also seems to work, since I see that AD and FDS users are
> > "merged" in one (almost) identical list. So users that were in AD
> > are created on FDS and vice versa, with (almost) all parameters
> > set.
> >
> > My problem arises when, from a Linux machine authenticated on FDS, I
> > issue a passwd to change the password. Really all seems to go right,
> > since FDS registers the new password, and also AD tells me that the
> > change has been committed:
> >
> > first event
> > User Account Changed:
> >     Target Account Name: barbato
> >     Target Domain: TEST
> >     Target Account ID: TEST\barbato
> >     Caller User Name: sync manager
> >     Caller Domain: TEST
> >     Caller Logon ID: (0x0,0x318F76)
> >     Privileges: -
> >     Changed Attributes:
> >     Sam Account Name: -
> >     Display Name: -
> >     User Principal Name: -
> >     Home Directory: -
> >
> > and after a while a second security event:
> >
> > User Account password set:
> >     Target Account Name: barbato
> >     Target Domain: TEST
> >     Target Account ID: TEST\barbato
> >     Caller User Name: sync manager
> >     Caller Domain: TEST
> >     Caller Logon ID: (0x0,0x318F76)
> >
> > But when I try to log on to AD with this new password, AD tells me
> > that I'm using the wrong one. Note that the previous one doesn't work
> > either, and this confirms that it has really been changed.
> >
> > Has anybody faced this? Are there other things to look into?
> >
> > Regards,
> > Paolo.
>
> --
> ------------------------------------------------------------------------
> Paolo Barbato            email: mailto:paolo.barbato@xxxxxxxxxx
> Network Administrator    phone: (39-049)-829-5097
>                                 (39-049)-829-5000
> Corso Stati Uniti,4      www: http://www.igi.cnr.it
> 35127 Camin-Padova       PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
> ITALY                    JabberID: rfx_paolo_barbato@xxxxxxxxxxxxxxxxxx
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------