Jeff Gamsby
2006-Oct-25 23:41 UTC
[Fedora-directory-users] WindowsSync password not synced when changed via ldapmodify
I came across this problem today. When changing passwords from the Fedora console, it works and syncs across to AD. When changing passwords using ''passwd'', it does not sync until pam_password is changed to ssha in ldap.conf. Then it syncs fine. When changing passwords via ldapmodify in SSHA form, passwords do not sync. Has anyone experienced this behavior? Does anyone have a solution? I''d like to change passwords via a PHP web interface. Thanks, Jeff
Nathan Kinder
2006-Oct-25 23:42 UTC
Re: [Fedora-directory-users] WindowsSync password not synced when changed via ldapmodify
Jeff Gamsby wrote:> > > I came across this problem today. > > When changing passwords from the Fedora console, it works and syncs > across to AD. > When changing passwords using ''passwd'', it does not sync until > pam_password is changed to ssha in ldap.conf. Then it syncs fine. > When changing passwords via ldapmodify in SSHA form, passwords do not > sync.FDS needs the clear text password in order to sync it to AD. The solution is to let FDS hash the password instead of doing it on the client side. -NGK> > Has anyone experienced this behavior? > > Does anyone have a solution? > > I''d like to change passwords via a PHP web interface. > > Thanks, > Jeff > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Jeff Gamsby
2006-Oct-26 02:39 UTC
Re: [Fedora-directory-users] WindowsSync password not synced when changed via ldapmodify
> Jeff Gamsby wrote: >> >> >> I came across this problem today. >> >> When changing passwords from the Fedora console, it works and syncs >> across to AD. >> When changing passwords using ''passwd'', it does not sync until >> pam_password is changed to ssha in ldap.conf. Then it syncs fine. >> When changing passwords via ldapmodify in SSHA form, passwords do not >> sync. > FDS needs the clear text password in order to sync it to AD. The > solution is to let FDS hash the password instead of doing it on the > client side. > > -NGKI tried that, using ldapmodify with the clear text password. It didn''t work. It''s funny, because that''s what I thought, but I had to uncomment pam_password ssha in order for it to work using passwd from a shell. I''ll give it another try. Thanks Jeff>> >> Has anyone experienced this behavior? >> >> Does anyone have a solution? >> >> I''d like to change passwords via a PHP web interface. >> >> Thanks, >> Jeff >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Jeff Gamsby
2006-Oct-26 02:56 UTC
Re: [Fedora-directory-users] WindowsSync password not synced when changed via ldapmodify
> Jeff Gamsby wrote: >> >> >> I came across this problem today. >> >> When changing passwords from the Fedora console, it works and syncs >> across to AD. >> When changing passwords using ''passwd'', it does not sync until >> pam_password is changed to ssha in ldap.conf. Then it syncs fine. >> When changing passwords via ldapmodify in SSHA form, passwords do not >> sync. > FDS needs the clear text password in order to sync it to AD. The > solution is to let FDS hash the password instead of doing it on the > client side. > > -NGKOK, Thanks it works now. I wasn''t meeting the password complexity requirements. Thanks Jeff>> >> Has anyone experienced this behavior? >> >> Does anyone have a solution? >> >> I''d like to change passwords via a PHP web interface. >> >> Thanks, >> Jeff >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Nathan Kinder
2006-Oct-26 04:16 UTC
Re: [Fedora-directory-users] WindowsSync password not synced when changed via ldapmodify
Jeff Gamsby wrote:>> Jeff Gamsby wrote: >> >>> I came across this problem today. >>> >>> When changing passwords from the Fedora console, it works and syncs >>> across to AD. >>> When changing passwords using ''passwd'', it does not sync until >>> pam_password is changed to ssha in ldap.conf. Then it syncs fine. >>> When changing passwords via ldapmodify in SSHA form, passwords do not >>> sync. >>> >> FDS needs the clear text password in order to sync it to AD. The >> solution is to let FDS hash the password instead of doing it on the >> client side. >> >> -NGK >> > > OK, Thanks it works now. I wasn''t meeting the password complexity > requirements. >If you turn on password syntax checking on the FDS side, the default settings match that of AD''s password complexity requirements. -NGK> Thanks > > Jeff > >>> Has anyone experienced this behavior? >>> >>> Does anyone have a solution? >>> >>> I''d like to change passwords via a PHP web interface. >>> >>> Thanks, >>> Jeff >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >