[Fedora-directory-users] Winsync Problem with NT4

David Boreham david_list at boreham.org
Wed Nov 23 15:57:34 UTC 2005


Hartmut Wöhrle wrote:

>I have a problem while setting up a connection:
>I set up winsync at the PDC (not passwordsync up till now) and I try to
>initiate a first init-replication. Then nothing happens and the FDS says
>"Loop detected"

Hi, can you post the entire log segment where this shows up please?

>But at the PDC side I see an entry in the usersync.log which tells me which
>"uid=...." I'm using to connect.
>
>Maybe it is because I used the wrong password at the first try (PDC side)? I 
>read in the manual that 
>  
>
Wrong password would just mean that the connection would fail. It
wouldn't have any persistent effect.

>"After the service is installed and started the first time the password can 
>only be changed via an LDAP modify operation, not the configuration file."
>
>Ldapmodify - where?? PDC or FDS side?
>  
>
NTDS side (PDC machine). NTDS uses ApacheDS. ApacheDS stores
its password in its database. However originally it always initialized that
password to a known value. We were concerned about the security
implications of that and made a change to the ApacheDS code such that
the password is read from the config file rather than use the default value
(which would be the same for all installations). In order to force users
to set the password, I believe we refuse to function until it is set in the
config file. At least that's how I remember it. I'd need to look at the
code to be sure.

Anyway, the ldapmodify operation will be to the userpassword attribute
on the ApacheDS root entry. I'll look that up and post the command...

Your problem may be that you haven't set the password in the first place.
It should be possible to use ldapsearch to check that your ntds is up
and running and answering LDAP searches correctly. Once that's proven,
FDS should be able to sync with it ok using the same bind credentials
and password.

>But I'm not able to find the place where this PDC information would be stored 
>in the FDS - so I guess ldapmodify at the PDC?
>Or is uninstall and re-install the only chance to fix it?
>  
>
You shouldn't need to reinstall.




