On 11/12/2013 01:29 AM, gflwqs gflwqs wrote:
Hi,
I have created the sync user with:
- *Replicating directory changes* rights to the synchronized Active Directory subtree.
- A member of the *Account Operator* and *Enterprise Read-Only Domain controller* groups.



The user attribute synchronization is working fine; however, the passync from IPA to AD does not work. I get this error message when I change a password for a user from IPA: (00000005: SecErr: DSID-031A121F, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ) for modify operation

If I add the sync user to the Domain Admins group it works; however, according to the docs this should not be necessary?
http://port389.org/wiki/Howto:WindowsSync#Creating_AD_User_with_Replication_Rights




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
