I have FDS configured in the server. There are Windows and Linux clients in
our network. Windows users also have Linux.
Linux clients are authenticating to FDS. Samba server is running in a
different server and refers to the FDS server (ldapbackend). For Windows I
had to create a separate password with smbpasswd -a username for each user,
which means the Samba password can be different from the Linux password. Also the
password policy doesn't apply to the smbpasswd I create.
Is there a way to use one password for both Windows and Linux logins?
I was wondering what the best way to set up multi-master replication was when
multiple suffixes exist on each supplier.
Should we first set up each supplier with the same root suffix in the
userRoot DB, then set up replication. Then create the 2nd suffix in a
separate database and set up replication for this suffix ...
I'm currently trying to use the mmr script to set up replication without success.
I have 2 Fedora DS servers running each with a different suffix in
their userRoot and would like to set up replication to each other.
Thanks in advance,
I tried the following:
In Windows registry->HKLM->Software->PasswordSync, try adding string value Log
Level and set it to 1. Restart the passsync service. This should log
all transactions and errors. Turn this back to "0" and restart passsync
All I see in the log is this:
11/30/06 09:12:58: begin log
11/30/06 09:12:59: 0 new entries loaded from file
11/30/06 09:14:20: 0 new entries loaded from file
11/30/06 09:14:20: 0 entries saved to file
11/30/06 09:14:20: end log
11/30/06 09:14:22: begin log
11/30/06 09:14:22: 0 new entries loaded from file
That's after restarting the passsync service twice, and changing a user's
password in AD four times.
I've installed FDS 1.0.4 on a test system with only 256MiB of RAM. Now I
want to test performance, and when I started to query FDS with
ldapsearch on my full LDAP tree the load of the Linux box rose to 12 but
FDS memory usage stays at 90-110MiB of RAM, even though I've
added RAM and now the Linux box has 2048MiB. Is there any option to set for
FDS so that it uses more RAM for cache or some other purpose?
Has anyone had any thoughts on my query or can point me in the right
As is the nature of AD, I would have thought it is possible to extract
this information using a scope setting or something similar.
[mailto:email@example.com] On Behalf Of Paxton,
Sent: 24 November 2006 14:56
Subject: [Fedora-directory-users] Extracting details from Active
I've been tinkering with integrating our Linux devices into our
AD domain for some time and I've hit a few brick walls, however I've
recently discovered FDS and the synchronisation features with AD.
I've managed to set up a few replication jobs, however due to
the extensive nature of our AD, I've realised that the sync only takes
the group and user objects from the OU or CN being specified.
Is there any way I can specify that it should traverse all
subtrees of an OU and extract all that information back into FDS?
Red Hat Certified Engineer
VMware Certified Professional
MGTI Centralised ops
Assuming I get Directory Server working, is there a web-based editor that
our help desk and HR people can use to add and delete users and change
passwords? What's the best way to set this up? Thanks. -Glenn.
Forgive my ignorance of LDAP; I'm just beginning. We want to set up a
directory server which contains all the attributes except one. The other
attribute we want to retrieve from an Active Directory server. In other
words, the client will issue a search query to the directory server
and the directory server should return the combined list of attributes
from this directory server and the AD server. Can this be done with chaining?
Is there a way to set up FDS to lock out an account after $number of failed
login attempts? If so, under ideal circumstances the account would only be
locked for a certain amount of time. I have checked Google, and the wiki.
Nothing particularly useful, though a few people mention custom scripts to
handle this sort of thing.
I'm still trying to get my evaluation copy of Red Hat Directory Server
7.1SP3 to sync with Windows Active Directory. The latest hitch is an error
message following an initial re-synchronization attempt. The Directory
Server has a few hundred users imported from a Windows NT domain. The
Active Directory server has none of those users, so the initial re-sync
should add them to AD. The error occurs when Windows Sync tries to add the
first user entry to the Active Directory. The message is:
Attempting to add entry cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
to AD for local entry uid=jdoe,ou=people,o=ourorg.com
(ADserver:636): Received result code 21 (00000057: LdapErr: DSID-0C090B38,
comment: Error in attribute conversion operation, data 0, vece) for add
I would appreciate any insight. Hoping to see if this actually works before
the 30-day evaluation runs out. Thanks. -Glenn.