[Fedora-directory-users] Announcing Fedora Directory Server version 1.1.1
by Rich Megginson
We are pleased to announce the release of Fedora Directory Server
1.1.1. This release is primarily a bug fix release, but does contain
some new features, mostly to support freeIPA.
Binary packages are available for Fedora 7, 8, 9, and rawhide. NOTE:
Fedora 6/RHEL5 binaries are not yet available. They will be shortly.
How to upgrade:
yum upgrade fedora-ds-base
No further setup should be required. This should restart the server -
if not, a manual restart (service dirsrv restart) is required for the
new code to take effect.
* Release Notes - http://directory.fedoraproject.org/wiki/Release_Notes
15 years, 2 months
[Fedora-directory-users] Scheduled Resync with Windows Sync?
by Glenn
It is difficult to know when a full resynchronization is necessary for a
given Windows Sync agreement. I would like to be able to start a full resync
from a cron script. Is this possible, or is there any other way to schedule
a full resync to run periodically without human intervention?
We are using Fedora Directory 1.04 on Red Hat EL4, synchronizing with Active
Directory running on Windows 2003 Server. Thanks. -G.
15 years, 2 months
[Fedora-directory-users] Simple Bind only in secured channel
by Dael Maselli
Hi all,
is there any method to deny simple bind operation unless in a secure
channel (SSL or STARTTLS)? Do I have to write a plug-in? Hints?
Thank you.
Dael Maselli.
--
___________________________________________________________________
Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214
___________________________________________________________________
Democracy is two wolves and a lamb voting on what to have for lunch
___________________________________________________________________
15 years, 3 months
[Fedora-directory-users] getting errors while running console on oracle linux 5
by UMESH PANWAR
Hi,
I am getting the following error messages while trying to open the console.
Exception in thread "main" java.lang.ExceptionInInitializerError
    at com.sun.java.swing.plaf.windows.WindowsLookAndFeel.initialize(WindowsLookAndFeel.java:154)
    at com.netscape.management.nmclf.SuiLookAndFeel.initialize(Unknown Source)
    at javax.swing.UIManager.setLookAndFeel(UIManager.java:424)
    at com.netscape.management.client.console.Console.common_init(Unknown Source)
    at com.netscape.management.client.console.Console.<init>(Unknown Source)
    at com.netscape.management.client.console.Console.main(Unknown Source)
Caused by: java.lang.NullPointerException
    at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2159)
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1994)
    at java.lang.Runtime.loadLibrary0(Runtime.java:824)
    at java.lang.System.loadLibrary(System.java:908)
    at sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76)
    at java.security.AccessController.doPrivileged1(Native Method)
    at java.security.AccessController.doPrivileged(AccessController.java:287)
    at java.awt.Toolkit.loadLibraries(Toolkit.java:1488)
    at java.awt.Toolkit.<clinit>(Toolkit.java:1511)
    ... 6 more
Please help me.
Umesh Panwar
+91-9829857475
15 years, 3 months
[Fedora-directory-users] Rhds8.0 with windows 2003 ADS PassSync Error
by lingu
Hi,
I am trying to integrate RHDS 8.0 with Windows 2003 ADS on RHEL5 as per
the RHEL documentation for user/group and password sync from Windows ADS.
I am using Windows Sync and PassSync, but I am facing a problem with the
certificate creation.
Followed the steps below on the RHDS box running on RHEL5 to set up SSL:
- vi pin.txt
  secretpw
- Create a noise file for the encryption
  vi noise.txt
  dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk
- Create the key and certificate databases
  certutil -N -d . -f pin.txt (results, makes 3 files with db extension)
- Generate the encryption key
  certutil -G -d . -z noise.txt -f pin.txt
- Generate the self-signed CA certificate
  certutil -S -n "CA Certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 9999 -d . -z noise.txt -f pin.txt
  (generates CA certificate and puts into db stores, can be verified with:
  certutil -L -d . -n "Certificate Name", where Certificate Name is
  CA Certificate)
- Generate the Directory Server Client Certificate
  certutil -S -n "server-cert" -s "cn=ldapproxy.example.com,cn=Directory Server" -c "CA Certificate" -t "u,u,u" -m 1001 -v 9999 -d . -z noise.txt -f pin.txt
- Convert to pkcs12 format (note these files will be used within the AD
  system, and the prompted password for the commands below will need to match
  password in pin.txt file)
  pk12util -d . -o cacert.pk12 -n "CA Certificate"
  pk12util -d . -o dscert.pk12 -n "server-cert"
After that, when I executed ldapsearch -x -ZZ it showed all the
entries properly on the RHDS RHEL box,
so it indicates SSL was perfectly configured on RHDS.
STEPS FOLLOWED ON WINDOWS 2003 ADS BOX to set up SSL on the Active
Directory Server
Windows ADS domain: example.com
Windows FQDN: testing.example.com
- Install a certificate authority in the Windows Components section in
Add/Remove Programs .
- Select the Enterprise Root CA option.
- Make sure to use the hostname as the DN serverX and then for the domain
dc=example,dc=com (note, this should resemble your FQDN)
- Reboot Windows Machine
- Log back in to the box...give it a little while, it's windows :-)
- Go to Start>>Run>>mmc
- Under File>>Add/Remove Snap-in
- Click Add, Click Certificates, Click Add, Click Computer Account, Click
Next and finish
- Go to Trusted Root Certificates>>Certificates>>Right Click>>All
Tasks>>Import
- Go to where you copied the pk12 files from earlier and import the
cacert.pk12 [CREATED IN RHDS RUNNING ON rhel ]
Create DB Stores For PassSync in Windows 2003 ADS server
- Copy .pk12 files that were put on Windows system to
  C:\Program Files\Red Hat Directory Password Synchronization\
- In this directory run certutil -d . -N (from dos command)
- This creates empty db stores, next run the following to import your
dscert.pk12 into the key store
pk12util -d . -i dscert.pk12
- Then give trusted peer status to the server
certutil -d . -M -n server-cert -t "P,P,P"
ERROR
When I executed the above command on the Windows 2003 ADS box, it gave
me the following error:
certutil.exe unable to decode trust strings error 0
Also, the certificate created from the RHEL box using certutil
is showing the validation date and expiration date as the current date and
time in both the CA cert and server-cert.
I checked the certificate content by using
certutil -L -d . -n "Certificate Name"
certutil -L -d . -n "Server-cert"
Please help me troubleshoot this error.
Regards
lingu
15 years, 3 months
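Added example (not part of the post above and not Red Hat's or NSS's code): a small Python lint for the three-field trust argument passed to `certutil -t` in the steps above ("CT,,", "u,u,u", "P,P,P"). Flag letters and field order follow the certutil documentation; the function names, the strict three-field rule and the TLS-only warning are assumptions of this example, and it neither reimplements NSS's parser nor diagnoses the reported error.

```python
# Added example: lint for the trust argument of `certutil -t`.
# Field order (SSL, e-mail, object signing) and flag letters follow the
# certutil documentation; the checks are this example's, not NSS's parser.
SLOTS = ("SSL", "S/MIME", "object signing")
FLAGS = {
    "p": "valid peer",
    "P": "trusted peer",
    "c": "valid CA",
    "C": "trusted CA for issuing server certificates",
    "T": "trusted CA for issuing client certificates",
    "u": "user certificate (private key present)",
    "w": "send warning",
}


def decode_trust(arg):
    """Split a trust argument into {slot: [flag meanings]}; ValueError if malformed."""
    fields = arg.split(",")
    if len(fields) != 3:
        raise ValueError(f"expected 3 comma-separated fields in {arg!r}")
    decoded = {}
    for slot, field in zip(SLOTS, fields):
        bad = [ch for ch in field if ch not in FLAGS]
        if bad:
            # Typographic quotes or dashes pasted from a document land here.
            raise ValueError(f"unknown flag(s) {bad} in {slot} field of {arg!r}")
        decoded[slot] = [FLAGS[ch] for ch in field]
    return decoded


def review_trust(arg, tls_only=True):
    """Return warnings for trust wider than a TLS-only use (e.g. LDAPS) needs."""
    decoded = decode_trust(arg)
    warnings = []
    if tls_only:
        for slot in SLOTS[1:]:
            if decoded[slot]:
                warnings.append(f"{slot} trust set but only SSL is used: {decoded[slot]}")
    return warnings


if __name__ == "__main__":
    # The three trust arguments from the post, plus a constructed pasted-quote case.
    for sample in ("CT,,", "u,u,u", "P,P,P", "\u201cP,P,P\u201d"):
        try:
            print(sample, "->", decode_trust(sample), review_trust(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```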
[Fedora-directory-users] Module to Sync Novell eDirectory?
by kiran madala
Hello,
It's been great experimenting with Fedora DS server, especially with the Active Directory and Novell Sync modules. Unfortunately, since these cannot be stored in a MySQL back end, I would have to develop one myself. I know the AD Sync is done using the DirSync module. I would like to know what module Fedora uses to sync the Novell Directory.
Any hint or help is appreciated.
Thank you.
15 years, 3 months
[Fedora-directory-users] Password Sometimes Replicated in Windows Sync
by Glenn
Here's an odd one. We have a Windows Sync agreement between Fedora Directory
1.04 and Active Directory. If we change a user's password on the domain
controller, the password is replicated to Fedora Directory. But if we change
the user's password on the user's Windows XP computer using Ctrl-Alt-Del, the
change is not replicated. Anyone got a solution to this? It was working a
few months ago. Thanks. -G.
15 years, 3 months
[Fedora-directory-users] Fedora-DS alias dereference problem.
by Sergey Kamshilin
Hi all,
I'd like to report it as a bug because I could not find any help on
forums or in other sources...
It appears that Fedora-DS 1.1.0-3 does not dereference aliases even if
it is asked to. So I have a simple example:
============
# ldapsearch -x -LLL -b "ou=Special Users,dc=lab,dc=convedia,dc=com" -a always
dn: ou=Special Users,dc=lab, dc=convedia, dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
dn: aliasedobjectname=ou\=DNS\,dc\=lab\,dc\=convedia\,dc\=com,ou=Special
Users ,dc=lab,dc=convedia,dc=com
aliasedObjectName: ou=DNS,dc=lab,dc=convedia,dc=com
objectClass: alias
objectClass: top
===============
Instead of "dn: aliasedobjectname=..." I would expect to see a DNS
subtree (DNS object).
A couple of lines may be wrapped, but the idea is that the parameter "-a always"
is ignored. Is it a known issue? Are there any workarounds?
I have installed:
fedora-ds-1.1.0-3.fc6
fedora-ds-admin-1.1.2-2.fc6
fedora-ds-console-1.1.1-2.fc6
fedora-idm-console-1.1.1-1.fc6
fedora-admin-console-1.1.0-4.fc6
fedora-ds-base-1.1.0-3.fc6
Thank you in advance,
SergeyK
15 years, 3 months
Re: [Fedora-directory-users] can't connect to PDC
by yersinia
These are likely two different problems.
>
> "Transport endpoint is not connected" is a very, very old XP problem
> http://wiki.samba.org/index.php/Samba_Myths
>
> If you set smb ports = 445 (raw SMB aka CIFS port) in smb.conf the message
> disappears; naturally you have to be sure that
> you serve only XP or Vista clients.
>
> For the LDAP problem the message doesn't tell me much. So try
>
> smbcontrol smbd debug 10
>
> and read again the log messages.
>
> Regards
>
> On Mon, Jun 23, 2008 at 10:56 PM, Merle Reine <merle.reine(a)gmail.com>
> wrote:
>
>> I know this has been asked a million times but I read all the posts and
>> none answer my issue so I hope someone will know a fix.
>>
>> I have fc9 with samba as PDC connecting to FDS.
>>
>> Followed the how-to to the letter but can not get my windows machine to
>> connect to the domain.
>>
>> My domain is : ldap
>> Windows machine is in random workgroup not associated with samba at all.
>>
>> When I try to add to domain using root and pass (yes, it is setup on samba
>> server), I get the following:
>>
>>
>> "The following error occured attempting to join the domain "ldap":
>> A device attached to the system is not functioning.
>>
>> in /var/log/samba/samba.log:
>>
>> *[2008/06/23 13:53:44, 0] lib/util_sock.c:get_peer_addr_internal(1597)
>> getpeername failed. Error was Transport endpoint is not connected
>> [2008/06/23 13:53:44, 0] lib/util_sock.c:write_data(1059)
>> [2008/06/23 13:53:44, 0] lib/util_sock.c:get_peer_addr_internal(1597)
>> getpeername failed. Error was Transport endpoint is not connected
>> write_data: write failure in writing to client 0.0.0.0. Error
>> Connection reset
>> by peer
>> [2008/06/23 13:53:44, 0] smbd/process.c:srv_send_smb(74)
>> Error writing 4 bytes to client. -1. (Transport endpoint is not
>> connected)
>> [2008/06/23 13:53:44, 0] lib/util_sock.c:get_peer_addr_internal(1597)
>> getpeername failed. Error was Transport endpoint is not connected
>> [2008/06/23 13:53:44, 0] lib/util_sock.c:write_data(1059)
>> [2008/06/23 13:53:44, 0] lib/util_sock.c:get_peer_addr_internal(1597)
>> getpeername failed. Error was Transport endpoint is not connected
>> write_data: write failure in writing to client 0.0.0.0. Error
>> Connection reset
>> by peer
>> [2008/06/23 13:53:44, 0] smbd/process.c:srv_send_smb(74)
>> Error writing 4 bytes to client. -1. (Transport endpoint is not
>> connected)
>> [2008/06/23 13:53:44, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(2276)
>> ldapsam_add_sam_account: failed to modify/add user with uid = TEST$ (dn
>> = uid=
>> TEST$,ou=Computers,dc=gardenfreshcorp,dc=com)*
>>
>>
>> Any one have any ideas what I am missing?
>>
>> Thanks.
>>
>>
>>
>> Merle Reine
>> IT Manager Extraordinaire
>> Email Address: echo zreyr.ervar(a)tznvy.pbz | perl -pe 'y/a-z/n-za-m/'
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
15 years, 3 months