Bennet Lingner wrote:
Something more:
On the FreeIPA side these errors are generated too:
[15/Mar/2012:10:02:02 +0100] encrypt_encode_key - [file ipapwd_encoding.c, line 451]: krb5_c_string_to_key failed [Invalid argument]
[15/Mar/2012:10:02:02 +0100] ipapwd_gen_hashes - [file ipapwd_encoding.c, line 776]: key encryption/encoding failed
It is failing trying to create a Kerberos key out of the password. I'm
not sure why at the moment, that is a very strange message coming out of
the krb5 libs.
rob
*From:* Bennet Lingner [mailto:[email protected]]
*Sent:* Thursday, 15 March 2012 10:34
*To:* '[email protected]'
*Subject:* RE: Windows Password Synchronization Error
Hi,
Thank you for your reply.
Version of freeipa and 389 packages:
Freeipa server, python, admintools, client, server-selinux all in
2.1.4-5.fc16.i686
389-ds-base-1.2.10.3-1.fc16.i686 + libs
Platform is Fedora 16 3.2.9-2.fc16.i686.PAE on AMD Opteron CPU
Ldapmodify and ipa passwd are working perfectly; I’ve changed the password
in these ways and the passwords were synchronized.
So I conclude the problem is specific to AD PassSync?
If that is so, is there also something I can set or try on the AD
side?
Best regards.
Bennet Lingner
*From:* Rich Megginson [mailto:[email protected]]
*Sent:* Wednesday, 14 March 2012 16:31
*To:* Bennet Lingner
*Subject:* Re: Windows Password Synchronization Error
On 03/14/2012 06:29 AM, Bennet Lingner wrote:
Dear Mr. Megginson,
I’ve seen on the web that you are very involved in 389 directory server,
that’s why I decided to send this mail to you.
I hope you can help me.
I’m running a WIN2K8 R2 64 bit and a fedora Linux 32 bit with freeipa.
In the future, please use the [email protected]
<mailto:[email protected]> email list. Please also include the
versions of your freeipa and 389 packages:
rpm -qa|grep freeipa
rpm -qa|grep 389
There is a win sync agreement, which works very well, even the passwords
are synchronized.
The only problem is that:
If I set a new password on windows side with more than 2 special
characters, e.g. ‘!Mäusel 10’ or ‘!Rüdiger 20’
Then I get the passsync error:
03/14/12 12:26:13: Ldap error in ModifyPassword
1: Operations error
03/14/12 12:26:13: Modify Password failed for remote entry: uid=…
03/14/12 12:26:13: Deferring password change for …
Do you have any idea, if that could be or something else, what can I do?
What is your 389-ds-base version and platform?
Can you use ldapmodify to change the user password to one of the above
values? Can you use ipa-passwd? That is, is the problem specific to AD
PassSync, or is it a problem with these types of passwords in general?
Best regards.
Kind regards
Bennet Lingner
*Hochschule Anhalt *- ZIK
[email protected] <mailto:[email protected]>
Tel. +49 (0) 3496 67-5420
Fax +49 (0) 3496 67-95420
Bernburger Straße 55
06366 Köthen (Anhalt)
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users