Hi, On Sun, Dec 18, 2022 at 7:10 PM Oleg Baranov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
> This stays out quite long and I faced absolutely the same behavior > adding 4.10.1 replica to 4.8.7. > > Fiddled almost a week with that so posting my solution here in order to > (hopefully) save someone's time. > > Problem was with password encryption scheme: 4.8.7 on an older CentOS > did not support PBKDF2-SHA512 used by 4.10.1 on FC37 so password > verification on older OS failed simply due to missing mechs. Logs did > not help to find the problem. > > Switching to PBKDF2_SHA256 (not PBKDF2-SHA256) with > > dsconf -D "cn=Directory Manager" -W ldaps://auth01.infra.ipa.local > config replace passwordStorageScheme=PBKDF2_SHA256 > > on FC37 made it work. > > Use > > dsconf -D "cn=Directory Manager" -W ldaps://auth01.infra.ipa.local > plugin list > > to compare available mechs on master and new-added replica. > > Thanks for the report. FYI it's a known 389-ds issue: https://bugzilla.redhat.com/show_bug.cgi?id=2151071 flo > -- > BR, > Oleg > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue