Something more: On FreeIPA side there are built these errors too:
[15/Mar/2012:10:02:02 +0100] encrypt_encode_key - [file ipapwd_encoding.c, line 451]: krb5_c_string_to_key failed [Invalid argument] [15/Mar/2012:10:02:02 +0100] ipapwd_gen_hashes - [file ipapwd_encoding.c, line 776]: key encryption/encoding failed Von: Bennet Lingner [mailto:b.ling...@zik.hs-anhalt.de] Gesendet: Donnerstag, 15. März 2012 10:34 An: 'freeipa-users@redhat.com' Betreff: AW: Windows Password Synchronization Error Hi, Thank you for your reply. Version of freeipa and 389 packages: Freeipa server, python, admintools, client, server-selinux all in 2.1.4-5.fc16.i686 389-ds-base-1.2.10.3-1.fc16.i686 + libs Platform is Fedora 16 3.2.9-2.fc16.i686.PAE on AMD Opteron CPU Ldapmodify and ipa passwd are working perfectly, Ive changed password in this ways and passwords were synchronized. So I conclude the problem is specific to AD Passsync? If it is so, do I have the possibility on AD side too to set or try something? Best regards. Bennet Lingner Von: Rich Megginson [mailto:rmegg...@redhat.com] Gesendet: Mittwoch, 14. März 2012 16:31 An: Bennet Lingner Betreff: Re: Windows Password Synchronization Error On 03/14/2012 06:29 AM, Bennet Lingner wrote: Dear Mr. Megginson, Ive seen in www, that you are very involved in 389 directory server, thats why I decided to send this mail to you. I hope you can help me. Im running a WIN2K8 R2 64 bit and a fedora Linux 32 bit with freeipa. In the future, please use the freeipa-users@redhat.com email list. Please also include the versions of your freeipa and 389 packages: rpm -qa|grep freeipa rpm -qa|grep 389 There is a win sync agreement, which works very well, even the passwords are synchronized. The only problem is that: If I set a new password on windows side with more than 2 special characters, e.g. !Mäusel 10 or !Rüdiger 20 Then I get the passsync error: 03/14/12 12:26:13: Ldap error in ModifyPassword 1: Operations error 03/14/12 12:26:13: Modify Password failed for remote entry: uid= 03/14/12 12:26:13: Deferring password change for Do you have any idea, if that could be or something else, what can I do? What is your 389-ds-base version and platform? Can you use ldapmodify to change the user password to one of the above values? Can you use ipa-passwd? That is, is the problem specific to AD PassSync, or is it a problem with these types of passwords in general? Best regards. Mit freundlichen Grüßen Bennet Lingner Hochschule Anhalt - ZIK b.ling...@zik.hs-anhalt.de Tel. +49 (0) 3496 67-5420 Fax +49 (0) 3496 67-95420 Bernburger Straße 55 06366 Köthen (Anhalt) Hochschule Anhalt (FH) * Bernburger Straße 55 * D 06366 Köthen Präsident Prof. Dr. Dr. h.c. Dieter Orzessek * Tel.: +49 (0) 3496 67 1000 * Fax +49 (0) 3496 67 1099 Betriebsnummer 030 77 111 * Umsatzsteuernummer DE 8140 92 585 Zuständige Aufsichtsbehörde Kultusministerium des Landes Sachsen-Anhalt, PF 3765, 39012 Magdeburg
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users