WindowsSync password not synced when changed via ldapmodify

 I came across this problem today.

When changing passwords from the Fedora console, it works
and syncs 
across to AD.
When changing passwords using 'passwd', it does not sync
until 
pam_password is changed to ssha in ldap.conf. Then it syncs
fine.
When changing passwords via ldapmodify in SSHA form,
passwords do not sync.

Has anyone experienced this behavior?

Does anyone have a solution?

I'd like to change passwords via a PHP web interface.

Thanks,
Jeff

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

Jeff Gamsby wrote:
>
>
> I came across this problem today.
>
> When changing passwords from the Fedora console, it
works and syncs 
> across to AD.
> When changing passwords using 'passwd', it does not
sync until 
> pam_password is changed to ssha in ldap.conf. Then it
syncs fine.
> When changing passwords via ldapmodify in SSHA form,
passwords do not 
> sync.
FDS needs the clear text password in order to sync it to AD.
 The 
solution is to let FDS hash the password instead of doing it
on the 
client side.

-NGK
>
> Has anyone experienced this behavior?
>
> Does anyone have a solution?
>
> I'd like to change passwords via a PHP web interface.
>
> Thanks,
> Jeff
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-usersredhat.com
> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

> Jeff Gamsby wrote:
>>
>>
>> I came across this problem today.
>>
>> When changing passwords from the Fedora console, it
works and syncs
>> across to AD.
>> When changing passwords using 'passwd', it does not
sync until
>> pam_password is changed to ssha in ldap.conf. Then
it syncs fine.
>> When changing passwords via ldapmodify in SSHA
form, passwords do not
>> sync.
> FDS needs the clear text password in order to sync it
to AD.  The
> solution is to let FDS hash the password instead of
doing it on the
> client side.
>
> -NGK

 I tried that, using ldapmodify with the clear text
password. It didn't
work. It's funny, because that's what I thought, but I had
to uncomment
pam_password ssha in order for it to work using passwd from
a shell.

I'll give it another try.

Thanks

Jeff
>>
>> Has anyone experienced this behavior?
>>
>> Does anyone have a solution?
>>
>> I'd like to change passwords via a PHP web
interface.
>>
>> Thanks,
>> Jeff
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-usersredhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-usersredhat.com
> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>


--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

> Jeff Gamsby wrote:
>>
>>
>> I came across this problem today.
>>
>> When changing passwords from the Fedora console, it
works and syncs
>> across to AD.
>> When changing passwords using 'passwd', it does not
sync until
>> pam_password is changed to ssha in ldap.conf. Then
it syncs fine.
>> When changing passwords via ldapmodify in SSHA
form, passwords do not
>> sync.
> FDS needs the clear text password in order to sync it
to AD.  The
> solution is to let FDS hash the password instead of
doing it on the
> client side.
>
> -NGK

 OK, Thanks it works now. I wasn't meeting the password
complexity
requirements.

Thanks

Jeff
>>
>> Has anyone experienced this behavior?
>>
>> Does anyone have a solution?
>>
>> I'd like to change passwords via a PHP web
interface.
>>
>> Thanks,
>> Jeff
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-usersredhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-usersredhat.com
> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>


--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users

Jeff Gamsby wrote:
>> Jeff Gamsby wrote:
>>     
>>> I came across this problem today.
>>>
>>> When changing passwords from the Fedora
console, it works and syncs
>>> across to AD.
>>> When changing passwords using 'passwd', it does
not sync until
>>> pam_password is changed to ssha in ldap.conf.
Then it syncs fine.
>>> When changing passwords via ldapmodify in SSHA
form, passwords do not
>>> sync.
>>>       
>> FDS needs the clear text password in order to sync
it to AD.  The
>> solution is to let FDS hash the password instead of
doing it on the
>> client side.
>>
>> -NGK
>>     
>
>  OK, Thanks it works now. I wasn't meeting the password
complexity
> requirements.
>   
If you turn on password syntax checking on the FDS side, the
default 
settings match that of AD's password complexity
requirements.

-NGK
> Thanks
>
> Jeff
>   
>>> Has anyone experienced this behavior?
>>>
>>> Does anyone have a solution?
>>>
>>> I'd like to change passwords via a PHP web
interface.
>>>
>>> Thanks,
>>> Jeff
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-usersredhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>>>       
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-usersredhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>>
>>     
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-usersredhat.com
> https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
>   

--
Fedora-directory-users mailing list
Fedora-directory-usersredhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users