On Wed, 2010-01-27 at 17:30 -0300, Ldap Tester wrote:
> I have two 389 servers, one under fedora 12 and one under fedora 11.
> They have the following packages:
>
> 389-admin-1.1.9-1.fc12.x86_64
> 389-admin-console-1.1.4-2.fc12.noarch
> 389-admin-console-doc-1.1.4-2.fc12.noarch
> 389-adminutil-1.1.8-4.fc12.x86_64
> 389-console-1.1.3-5.fc12.noarch
> 389-ds-1.1.3-5.fc12.noarch
> 389-ds-base-1.2.5-1.fc12.x86_64
> 389-ds-base-devel-1.2.5-1.fc12.x86_64
> 389-ds-console-1.2.0-5.fc12.noarch
> 389-ds-console-doc-1.2.0-5.fc12.noarch
> 389-dsgw-1.1.4-1.fc12.x86_64
>
> 389-admin-1.1.8-4.fc11.x86_64
> 389-admin-console-1.1.4-1.fc11.noarch
> 389-admin-console-doc-1.1.4-1.fc11.noarch
> 389-adminutil-1.1.8-3.fc11.x86_64
> 389-console-1.1.3-4.fc11.noarch
> 389-ds-1.1.3-4.fc11.noarch
> 389-ds-base-1.2.5-1.fc11.x86_64
> 389-ds-base-devel-1.2.5-1.fc11.x86_64
> 389-ds-console-1.2.0-4.fc11.noarch
> 389-ds-console-doc-1.2.0-4.fc11.noarch
> 389-dsgw-1.1.4-1.fc11.x86_64
>
> They are set up as multi masters.
>
> I also have a windows 2003 Active Directory server.
> I have password sync'ing set up between the AD and the fedora 12 389
> server.
>
> This has been working for several years.
> I have recently noticed a problem that may have existed for some time
> now, maybe always.
>
> If I change a user password via windows, everything works as expected.
> The password changes on windows and both fedora machines.
> If I change a user password via the fedora 12 machine,
> the one that has the sync agreement with the windows machine,
> again, everything works as expected,
> The password changes on windows and both fedora machines.
>
> However, if I change a user password via the fedora 11 machine,
> the one that does not have the sync agreement with the windows
> machine,
> then, the password changes on both fedora machines,
> but NOT on the windows machine.
>
> This is not how it is supposed to work, right?
>
> I have looked at all sorts of logs, and still have no clue as to the
> problem.
> (I do not believe it is a fedora 11 versus fedora 12 problem.)
> Does anybody have any ideas?

I had the same scenario. Remember that the encrypted passwords are not
synchronized with Windows. When you change your password on your F11, it
is stored encrypted. Then MMR transmits the encrypted "userPassword" to
your F12. Therefore, the password does not synchronize with Windows since,
as already mentioned, it is encrypted.

In my case, I decided to change to a Master / Slave scenario. Thus, your
F11 will be read-only and such changes will be forwarded to your F12 (this
includes passwd), where they will be written.

Greetings

P.D.: I apologize for my poor English.

--
Sergio A. Morales <sergiomorales@xxxxxxxxxxxx>
uSCI & CSRG Sysadmin
Archlinux Chile
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
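
An added illustration of the point made in the reply above (not code from the thread or from the 389 project): a password stored with a one-way scheme can be verified from its replicated `userPassword` value, but the cleartext a Windows sync step would have to forward cannot be recovered from it. The `{SSHA}` scheme, the function names and the sample password are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# "{SCHEME}value" prefix used for stored userPassword values (RFC 2307 style).
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored: str, candidate: str) -> bool:
    """A server holding only the hash can still check a bind password."""
    m = SCHEME_RE.match(stored)
    if not m or m.group(1).upper() != "SSHA":
        return False
    raw = base64.b64decode(m.group(2))
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def cleartext_for_sync(replicated_value: str) -> Optional[str]:
    """Hypothetical sync step: return a password that could be forwarded
    to another directory, or None when only a one-way hash arrived."""
    m = SCHEME_RE.match(replicated_value)
    if m is None:
        return replicated_value          # no scheme prefix: plain value
    if m.group(1).upper() == "CLEAR":
        return m.group(2)                # stored in the clear
    return None                          # hashed: nothing usable to forward

def demo():
    # Constructed sample: a password change made on the server that has
    # no sync agreement, then replicated as a hashed userPassword value.
    stored = ssha_hash("N3w-Passw0rd!", salt=bytes(range(1, 9)))
    return stored, ssha_verify(stored, "N3w-Passw0rd!"), cleartext_for_sync(stored)

if __name__ == "__main__":
    print(demo())
```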