On 2/28/20 1:15 PM, Alberto Viana wrote:
Mark,
Yes, it solves the problem. Can you explain what exactly that
config does? It's suppose to be on?
Found some old CVE about it and just want to be sure about what I'm doing.
Well we used to keep this set to "on" but changed the default
Mark,
Yes, it solves the problem. Can you explain what exactly that
config does? It's suppose to be on?
Found some old CVE about it and just want to be sure about what I'm doing.
Thanks
Alberto Viana
On Fri, Feb 28, 2020 at 12:39 PM Mark Reynolds wrote:
> Alberto,
>
> We might know
Hi Mark,
Yes, I will try and let you know.
Thanks
On Fri, Feb 28, 2020, 12:39 Mark Reynolds wrote:
> Alberto,
>
> We might know what's going on. Can you sent nsslapd-unhashed-pw-switch to
> "on" in cn=config and see if it solves the problem?
>
> Thanks,
>
> Mark
> On 2/19/20 8:01 AM, Alberto
Alberto,
We might know what's going on. Can you sent nsslapd-unhashed-pw-switch
to "on" in cn=config and see if it solves the problem?
Thanks,
Mark
On 2/19/20 8:01 AM, Alberto Viana wrote:
WIlliam,
Would be helpful if I provide to you guys a test environment? It's not
hard for me to do
> On 25 Feb 2020, at 00:02, Mark Reynolds wrote:
>
>
> On 2/19/20 10:45 PM, William Brown wrote:
>> I'll let Mark answer that, he's more knowledgeable in this area than I am.
>
> I wouldn't say that. I've only set it up twice :-p
Twice more than I've done it :)
> But it always just
On 2/19/20 10:45 PM, William Brown wrote:
I'll let Mark answer that, he's more knowledgeable in this area than I am.
I wouldn't say that. I've only set it up twice :-p But it always just
worked, and a lot of people use it without issue. So I have no idea
what's going on here or how to
I'll let Mark answer that, he's more knowledgeable in this area than I am. If I
find time in the next two weeks I can have a look but no promises about a
resolution. :)
Thoughts Mark?
> On 19 Feb 2020, at 23:01, Alberto Viana wrote:
>
> WIlliam,
>
> Would be helpful if I provide to you
Mark, any ideas what to look at next :S
Besides actually trying to setup and reproduce it which I think would be the
next step
> On 18 Feb 2020, at 05:45, Alberto Viana wrote:
>
> Hi Guys,
>
> Setup another environment 389 1.4.1.14 + windows 2016, still not working,
> exactly the
Hi Guys,
Setup another environment 389 1.4.1.14 + windows 2016, still not working,
exactly the same behavior.
:/
Cheers,
Alberto Viana
On Wed, Jan 29, 2020 at 8:19 PM Alberto Viana wrote:
> William,
>
> Yes, *other* attributes are replicated to AD normally (in all versions
> that I tested).
> On 30 Jan 2020, at 08:04, Alberto Viana wrote:
>
> Mark
>
> Again (my bad on copy and paste):
>
> dn: cn=AD-DF-DC01,cn=replica,cn=dc\3Dmy\2Cdc\3Ddomain,cn=mapping
> tree,cn=config
> objectClass: top
> objectClass: nsDSWindowsReplicationAgreement
> cn: AD-DF-DC01
> nsDS5ReplicaRoot:
Mark
Again (my bad on copy and paste):
dn: cn=AD-DF-DC01,cn=replica,cn=dc\3Dmy\2Cdc\3Ddomain,cn=mapping
tree,cn=config
objectClass: top
objectClass: nsDSWindowsReplicationAgreement
cn: AD-DF-DC01
nsDS5ReplicaRoot: dc=my,dc=domain
description: AD-DF-DC01
nsDS5ReplicaHost: gti-df-dc01.domain.local
How are you changing the password in DS?
Question, the The AD machine (gti-df-dc01.my.domain) is the Domain
Controller, right?
The entry looks off, but it might be because you did some find/replace
on some text. See comments below...
On 1/29/20 1:26 PM, Alberto Viana wrote:
Mark,
Mark,
here's:
dn: cn=AD-DF-DC01,cn=replica,cn=dc\3Drnp\2Cdc\3Dlocal,cn=mapping
tree,cn=config
objectClass: top
objectClass: nsDSowsReplicationAgreement
cn: AD-DF-DC01
nsDS5ReplicaRoot: dc=rnp,dc=local
description: AD-DF-DC01
nsDS5ReplicaHost: gti-df-dc01.my.domain
nsDS5ReplicaPort: 636
On 1/29/20 12:17 PM, Alberto Viana wrote:
Mark,
Already did that twice hehehehe
Do you think that's about config once all attributes except password
are sync'ed to AD? If it's about config, the log does not suppose to
show something?
389 -> AD (all attributes except password)
AD -> 389
Mark,
Already did that twice hehehehe
Do you think that's about config once all attributes except password are
sync'ed to AD? If it's about config, the log does not suppose to show
something?
389 -> AD (all attributes except password)
AD -> 389 (everthing works, including password)
Tried
Alberto,
Sorry I'm not sure what is wrong. Please review the documentation and
make sure you have everything setup correctly:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_the_password_policy-synchronizing_passwords
HTH,
Mark
Hi Guys,
My messages to list are being moderated (no sure why), trying again
William,
Right, so if you change a password on AD, does it properly change the
password to 389?
Yes.
And are you using a "ldapmodify userpassword" or "ldappasswd" to change the
password? What's the exact command you
William,
Right, so if you change a password on AD, does it properly change the
password to 389?
Yes.
And are you using a "ldapmodify userpassword" or "ldappasswd" to change the
password? What's the exact command you run against 389 to change the
password?
Tried 3 different ways:
1. ldapmodify
William,
Right, so if you change a password on AD, does it properly change the
password to 389?
Yes.
And are you using a "ldapmodify userpassword" or "ldappasswd" to change the
password? What's the exact command you run against 389 to change the
password?
Tried 3 different ways:
1. ldapmodify
> On 29 Jan 2020, at 10:15, Alberto Viana wrote:
>
> William,
>
> Sorry, my bad, it's not working
>
>
> The problem is the password is never sent to AD and it's just about password,
> any other replicated attribute that I modify sends the modification to AD
> normally.
Right, so if you
William,
Sorry, my bad, it's not working
The problem is the password is never sent to AD and it's just about
password, any other replicated attribute that I modify sends the
modification to AD normally.
When you say "I think that perhaps we need to exclude objectClass=* from
notes=U."
Where
> On 29 Jan 2020, at 10:01, Alberto Viana wrote:
>
> WIlliam,
>
> Thanks, I put in my company's roadmap to think about pay for support,
Great!
> I found the problem, it's about aci (the user manager replication permission)
Can you please describe the problem and solution more? That way I
WIlliam,
Thanks, I put in my company's roadmap to think about pay for support,
I found the problem, it's about aci (the user manager replication
permission)
After add permission to read the userpassword field, starts to works.
Again, Thanks!!!
On Tue, Jan 28, 2020 at 8:58 PM William Brown
> On 29 Jan 2020, at 09:24, Alberto Viana wrote:
>
> Hey Guys,
>
> Really lost here, don't know what else look or test, it's not working at all
> :/
Hey there,
Remember, the team is distributed around the world - I'm Australian for
example, so sometimes mailing list questions can take 24
Hey Guys,
Really lost here, don't know what else look or test, it's not working at
all :/
Any help is appreciated
Thanks
On Tue, Jan 28, 2020 at 3:48 PM Alberto Viana wrote:
> Hi Guys,
> 389-Directory/1.4.3.2
>
>
> The password sync from 389 to windows(2012) is not working:
>
> # dsconf RNP
25 matches
Mail list logo