[Fedora-directory-users] FDS AD Sync

Daniel Shackelford dshackel at arbor.edu
Mon Apr 3 12:44:03 UTC 2006


I don't think it is an issue with settings in AD.  Server 2003 will 
automatically disable an account that is created with a blank password.  
This seems to fit with what you are seeing, since the account is 
immediately disabled in AD and the user is required to change their 
password.  Is your SSL setup working?  You can use ssltap (in 
/opt/fedora-ds/shared/bin if you used the installed defaults) to proxy 
the connections and see what is going (or not going) back and forth.  
Replication requires SSL in order to sync passwords, and unless it is 
set up correctly on both FDS and the DC with PassSync, you will not get 
any passwords, period.  What do your logs in FDS say when you add a 
user?  Are there any errors?  If the logs are not very informative, use 
the console to increase the log level.  Passwords are the trickiest part 
of this setup, simply because they require SSL/certificates and an extra 
app on the DC.  The wiki has detailed instructions.  If you need more 
help, posting error messages and log info would be very helpful.



