[Fedora-directory-users] windows sync and password "clear"
by Luigi Santangelo
Hi everybody, this is my problem:
I configured my Fedora DS and now I can sync the LDAP's users with
Windows 2003 Active Directory. Then, I created a new user with this
code ldif
dn: uid=red,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
givenName: red
sn: red
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
uid: red
ntUserCreateNewAccount: true
ntUserDeleteAccount: true
cn: red
ntUserDomainId: red
userPassword: redpwd
creatorsName: uid=root,ou=administrators,ou=topologymanagement,
o=netscaperoot
modifiersName: uid=root,ou=administrators,ou=topologymanagement,
o=netscaperoot
createTimestamp: 20080318153555Z
modifyTimestamp: 20080318153555Z
nsUniqueId: f8f6c801-f50011dc-80ebbfe2-cc3ccdae
Note that I wrote the user's password in "clear". Now, I can logon
the
Windows AD with the username red and the password redpwd.
Then I added another user (yellow) with this code ldif
dn: uid=yellow,ou=Other,ou=Students,ou=People,dc=xxxxx,dc=xx
givenName: yellow
sn: yellow
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
uid: yellow
ntUserCreateNewAccount: true
ntUserDeleteAccount: true
cn: yellow
ntUserDomainId: yellow
userPassword: {MD5}8cb32079718c657b02bbbb176b97d030
creatorsName: uid=root,ou=administrators,ou=topologymanagement,
o=netscaperoot
modifiersName: uid=root,ou=administrators,ou=topologymanagement,
o=netscaperoot
createTimestamp: 20080318153555Z
modifyTimestamp: 20080318153555Z
nsUniqueId: f8f6c801-f50011dc-80ebbfe2-cc3ccdae
Note the MD5(yellowpwd) = 8cb32079718c657b02bbbb176b97d030
Then If I try logon the Windows AD (from Windows) with the username
yellow and the password yellowred, I cannot log in. Instead, if I try
logon the Windows AD with the username yellow and the
password {MD5}8cb32079718c657b02bbbb176b97d030 I can log in.
Do you think that this is a problem strictly related to Windows'
problem? How can I get over it?
Thank you in advance.
______________________________________________
Adotta un bambino a distanza. Avrà vestiti, cibo, scuola?e avrà te!
http://social.tiscali.it/promo/C02/sos/
16 years, 1 month
[Fedora-directory-users] Re: FDS 1.1 console doesn't show DS
by Ken Marsh
Hi again,
I think I have a small bug report.
I removed all RPM's related to FDS 1.1-4 and admin on my RHEL5.1/x86_64
system, rm -fr /etc/dirsrv/slapd-server, and reinstalled it and ran
setup-ds-admin.pl again using 3 for custom and saving the config data
locally this time.
I couldn't start the Admin Server on my custom port, so I tried 9830 and
it worked. I did the grep \^Listen /etc/dirsrv/admin-serv/console.conf
command as suggested in the documentation and it came up with 9830. My
terminal history was still scrollable and I can see for a fact that I
asked for a different port.
What's more, it did set that port correctly on the previous attempt when
I used "2" and saved data on a different DS. The admin server as desired
ran on my custom port. I also did the grep command after the first
attempt, and verified that it was running on my custom port.
I'm not sure if the bug exerted itself because of the reinstall over the
extant /etc/dirsrv/admin-serv directory and/or because I chose 3-custom
instead of 2.
This is a very small bug as there are two obvious workarounds; either
start the Admin console on the default port, or manually edit
/etc/dirsrv/admin-serv/console.conf, change it to the desired port, and
do a service dirsrv-admin stop and start.
-Ken.
16 years, 1 month
[Fedora-directory-users] SELinux policy for Fedora Directory Server 1.1.0
by Pär Aronsson
Hello,
Attached is a SELinux policy for the Fedora Directory Server 1.1.0.
It is composed of three parts.
* dirsrv - directory server and setup programs
* dirsrv-admin - administration server and setup programs
* fedora-idm-console - java based console for administration
The policies were developed on a CentOS 5.1 with the following packages:
fedora-ds-base-1.1.0-3.fc6
fedora-ds-admin-1.1.1-1.fc6
fedora-ds-console-1.1.0-5.fc6
selinux-policy-2.4.6-106.el5_1.3
kernel-2.6.18-53.1.4.el5
I've succesfully tested the policies in targeted and strict mode.
The dirsrv-admin policy requires that the apache policy module is loaded.
Also run:
setsebool -P httpd_enable_cgi on
Comment out the following in /usr/sbin/start-ds-admin (line 63-65):
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
SELINUX_CMD="runcon -t unconfined_t --"
fi
I had trouble with the replication plugin so I haven't been able to do any
testing with replication.
Any comments are welcome.
// Pär Aronsson
16 years, 1 month
[Fedora-directory-users] How-To Password Policy/Account Locking/Samba Integration
by Alex Fauss
Hi List.
After reading a lot of topics on the list about password policy and
locking and samba integration ..., my brain is burning, because I can't
get it working.
Can someone point me to the right way?
A few words about my actual configuration.
OS: CentOS 5.1
FDS: 1.1
Samba: 3.x
ldap.conf:
pam_lookup_policy yes
pam_password exop
pam_password clear (for password history matching)
smb.conf:
encrypt passwords = yes
obey pam restrictions = no
pam password change = no
passwd chat debug = Yes
ldap passwd sync = no
unix password sync = yes
passwd program = /usr/sbin/smbldap-passwd -u %U
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\spassword:* %n\n .
fds:
Password policy enabled in "data-tab" plus fine-grained for another
sub-tree policy, where the users reside.
Thx
16 years, 1 month
[Fedora-directory-users] Log rotation problems
by Jazcek Braden
I have three FDS 1.0.4 servers, one master and replication clients. On
all three of them I have set the log files to rotate everynight at 2am.
On the two replica the logs rotate fine as expected, however on the
master whenever the log rotates it deletes the old log, which is causing
my to lose a lot of accounting information. Is there a way to debug why
this is happening?
--
Jazcek Braden
System Administrator
431 Dirac Science Library
Florida State University
Tallahassee, FL 32306-4120
Phone 850-644-6490
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
16 years, 1 month
[Fedora-directory-users] FDS 1.1 console doesn't show DS
by Ken Marsh
Hi,
I installed FDS 1.1 on RHEL 5.1 x86-64 using the instructions in
http://directory.fedoraproject.org/wiki/Release_Notes . I used the same
answers that worked in previous 1.0.4-1 installs, choosing "2" and
storing the config data on a 1.0.4-1 server. I used a different Admin
port > 9830, using the same port that my other, older FDS systems use.
When I started fedora-idm-console, it didn't already know what URL to
use. I had to enter it manually (a step backwards from 1.0.4-1
installs). Once entered, a console came up, but under the Servers and
Applications tab there are no DS instances to administer.
When I try to Admin from the 1.0.4-1 server, I get a Java dump when
expanding the Server Group for the 1.1 server. At first empty icons for
Administration Server and Directory Server show up, but the DS link does
not work. Perhaps it is too much to ask to Admin a 1.1 from an older
version, but if I cannot also admin it from itself, what am I to do? I
am trying to lever up from three 1.0.4-1 DS to 1.1, and this is the
first step in the process.
Did I miss something on install or setup, or is there a bug in the RHEL
5.1/Fedora 6 x86_64 version, possibly related to choosing an alternate
admin port?
-Ken
16 years, 1 month
[Fedora-directory-users] Server-Admin - SSL error blocks ability to configure Admin Server component
by Carol Gibbons
Hello there,
I have Fedora DS v 1.0.4 installed on a Red Hat 4 workstation system.
I added a SSL certificate to the Fedora DS system today via command line.
But, the certificate hasn't been activated. The certificate is listed
correctly in java GUI Directory Server -> Manage Certificates panel.
When I go to the java GUI for the Administration Server and try to launch
Config Admin - I get an SSL error: SSL related initialization failed. I
also get this error when I click on the Manage Certificates button: Could
not open file in admin-serv-mail-cert8.db. I get an SSL error when I click
on any of the other admin server buttons.
I looked in the error logs for admin and slapd and no details are given.
System messages log doesn't have anything listed as expected.
Any ideas?
Thanks in advance,
Carol
16 years, 1 month
