RE: [Fedora-directory-users] Password history is not being enforced by the directory server
by Bliss, Aaron
It appears that this is an issue with the client; if I attempt to change a
user's password from within fds using a password that I've already used
for that user, I get a warning from fds indicating that it violates
password history rule. However, using passwd from a client allows usage
of old passwords.
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
Megginson
Sent: Thursday, January 19, 2006 10:59 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Password history is not being
enforced by the directory server
Bliss, Aaron wrote:
>I'm not sure why, but for some reason the directory servers are not
>enforcing password history policies. I've set the policy from within
>the fds console at the data level (as described in directory server
>documentation).
>
Did you set "Enable fine-grained password policy" under the
Configuration tab -> Data node -> Passwords tab? Because the console
will allow you to configure the fine grained password policy under the
Directory tab even if this is not set, but it will not take effect.
>Here is a sample ldap.conf file:
>
>pam_password exop
>pam_password clear
>pam_password md5
>ssl start_tls
>ssl on
>
>I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
>servers, I've set this policy on both servers, supplier consumer
>replication is set up between them).
>
>I've verified that this is not enforced regardless if the client has
>ssl enabled or not.
>
Did you try ldapmodify from the command line to see if the problem is
with FDS or with PAM? e.g.
ldapmodify -D "uid=user,ou=people,dc=company,dc=com" -w currentpassword
dn: uid=user,ou=people,dc=company,dc=com
changetype: modify
replace: userPassword
userPassword: passwordinhistory
>Please advise as this is a highly critical issue that I must get fixed
>in order to move this into production. Thanks very much.
>
>Aaron
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
18 years, 3 months
[Fedora-directory-users] Password history is not being enforced by the directory server
by Bliss, Aaron
I'm not sure why, but for some reason the directory servers are not
enforcing password history policies. I've set the policy from within
the fds console at the data level (as described in directory server
documentation). Here is a sample ldap.conf file:
pam_password exop
pam_password clear
pam_password md5
ssl start_tls
ssl on
I'm running fds 1.0.1 on a redhat 4 box (actually have 2 directory
servers, I've set this policy on both servers, supplier consumer
replication is set up between them).
I've verified that this is not enforced regardless if the client has ssl
enabled or not. Please advise as this is a highly critical issue that I
must get fixed in order to move this into production. Thanks very much.
Aaron
18 years, 3 months
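Added example, not part of any message in this thread: a shell lint for the ldap.conf quoted in the post above. It reports pam_password and ssl directives that appear more than once and which value comes last; that the last value is the one in effect is an assumption, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a pam_ldap-style ldap.conf on stdin.
# Assumption: a repeated directive takes the value of its last occurrence.

# Constructed sample: the five directives quoted in the post.
sample_conf() {
cat <<'EOF'
pam_password exop
pam_password clear
pam_password md5
ssl start_tls
ssl on
EOF
}

# One line per repeated directive: "<key> <occurrences> <last value>".
repeated_directives() {
  awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    { key = tolower($1) }
    key == "pam_password" || key == "ssl" { count[key]++; last[key] = tolower($2) }
    END { for (k in count) if (count[k] > 1) print k, count[k], last[k] }
  ' | sort
}

# Last pam_password value in the file, or "unset" if there is none.
effective_pam_password() {
  awk 'tolower($1) == "pam_password" { v = tolower($2) }
       END { print (v == "" ? "unset" : v) }'
}

# Succeeds only when the last pam_password value is "exop".
uses_exop() {
  [ "$(effective_pam_password)" = "exop" ]
}

# Report on the sample; pipe a real file in the same way.
sample_conf | repeated_directives
if sample_conf | uses_exop; then
  echo "password changes use exop"
else
  echo "effective pam_password: $(sample_conf | effective_pam_password)"
fi
```

On a client, feed it the real file with `repeated_directives < /etc/ldap.conf` (path is an assumption) before comparing passwd against the ldapmodify test suggested in the reply.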
[Fedora-directory-users] Console on Windows Server 2003
by Clayton Rogers
Hi everyone,
I have installed FDS on a few of my Linux servers; however, I want to run
an administrative console in Windows also. I have followed the
instructions in the how to (at least I think I have) however, when I run
the command:-
C:\fedora\java>java -ms8m -mx64m -cp
.;.\nmclf10.jar;.\base.jar;.\ldapjdk.jar;.\mcc10.jar;.\nmclf10_en.jar;.\mcc10_en.jar;.\jss3.jar
-Djava.library.path=..\lib\jss -Djava.util.prefs.systemRoot=.\.java
-Djava.util.prefs.userRoot=.com.netscape.management.client.console.Console
-D -a http://{server}:{port}/
Unrecognized option: -a
Could not create the Java virtual machine.
I receive the error as you see above unrecognized option: -a. I have
J2RE Runtime environment installed.
Any ideas?
Cheers
18 years, 3 months
Re: [Fedora-directory-users] Admin Server or Console problem
by Little Dragon
Hi Richard,
Yes. I see the http.worker processes in the process list.
****************************************************
Have you started the admin server using start-admin?
Just a thought....
Rich
On 18/01/06, Richard Megginson <rmeggins(a)redhat.com> wrote:
Little Dragon wrote:
>Hi,
>
>I have installed fedora-ds-1.0.1-1.FC4.i386.opt.rpm
>and SUN java: j2re-1_4_2_10-linux-i586.rpm
>Then set the JAVA_HOME env. Variable.
>
>After the Typical install the ldapsearch works (I get results).
>(ldapsearch -x -h localhost -p 389 -b "o=NetscapeRoot")
>
>But I can not start the console.
>startconsole -u admin -a http://vpclinux:1500
>
>I always get the error:
>Cannot connect to the Admin Server "http://hostname:1500"
>The URL is not correct or the server is not running.
>
>
can you
telnet hostname 1500
?
can you use your web browser to connect to
http://hostname:1500/
?
>I can see the ns-slapd and httpd.worker processes running
>(one ns-slapd and 3 httpd.worker processes are running)
>
>I read all the docs on the web and the FAQ at redhat
>(Troubleshooting)
>Troubleshooting can not help:
>- there is no "admin-serv/config/jvm12.conf", (I created but
>no effect)
>- there is no "<server-root>/bin/https/bin/start-jvm" file
>so I can not edit
>
>After 3 days I am out of ideas.
>
>Could anybody help?
>
>TIA,
>Laszlo
18 years, 3 months
[Fedora-directory-users] cannot start admin
by adirek sanyakhuan
This is the error log file => "/opt/fedora-ds/admin-serv/logs"
[Thu Jan 19 08:55:14 2006] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
Configuration Failed
[Thu Jan 19 08:55:22 2006] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
Configuration Failed
[Thu Jan 19 08:55:31 2006] [crit] mod_admserv_post_config(): unable to
build user/group LDAP server info: unable to set User/Group baseDN
Configuration Failed
When I try to start admin, it does not succeed.
18 years, 3 months
[Fedora-directory-users] Samba & Fedora Directory Server Integration
by Oscar A. Valdez
I've followed the Samba & Fedora Directory Server Integration How-To
located at http://directory.fedora.redhat.com/wiki/Howto:Samba , and I'm
about to upload my user accounts into the DS. I have two questions
before I proceed, though:
1) At the end of the How-To, a "testuser" is added to the Samba server
with the "smbpasswd -a" command. Wouldn't the DS make the user accounts
visible to the Samba server, making it unnecessary to add them via
smbpasswd? If it's really necessary to add the accounts via smbpasswd,
then the DS isn't really a backend to the Samba Server: they would be
acting in parallel.
2) The section on ldapsam of "The Official Samba-3 HOWTO and Reference
Guide"
(http://us4.samba.org/samba/docs/man/Samba3-HOWTO/passdb.html#id2559672)
mentions quite a few attributes for the sambaSamAccount ObjectClass,
such as sambaLogonTime, sambaLMPassword, sambaPrimaryGroupSID,
sambaAcctFlags, logoffTime, sambaKickoffTime, sambaPwdLastSet, sambaSID,
sambaPwdCanChange, sambaPwdMustChange, and sambaNTPassword, that are not
present in the ldif files generated by the openldap migrate_passwd.pl
script recommended by the How-To. How should these attributes be added,
if one follows the How-To?
--
Oscar A. Valdez
18 years, 3 months
[Fedora-directory-users] Another console problem
by James Wilde
Have not found any directly relevant solutions recently in the mailing
list. Hope I'm not duplicating something that's already been answered.
I'm running FDS 101 on RHEL 4. I have run the setup program to install
the administration server, and the installation completed with no
apparent errors. The setup.log indicates everything is in order and
encourages me to start the console.
When I do as it states, cd /opt/fedora-ds then ./startconsole -u admin
-a http://myserver.domain.com:1234/ I get a splash screen for the
console, including the words 'Please log in...', but no login window.
The prompt does not return either from ./startconsole command until I
press Ctrl-C, when the splash screen also disappears.
I have not been able to find any errors recorded in log files.
Any help would be appreciated.
//James
18 years, 3 months
[Fedora-directory-users] Admin Server or Console problem
by Little Dragon
Hi,
I have installed fedora-ds-1.0.1-1.FC4.i386.opt.rpm
and SUN java: j2re-1_4_2_10-linux-i586.rpm
Then set the JAVA_HOME env. Variable.
After the Typical install the ldapsearch works (I get results).
(ldapsearch -x -h localhost -p 389 -b "o=NetscapeRoot")
But I can not start the console.
startconsole -u admin -a http://vpclinux:1500
I always get the error:
Cannot connect to the Admin Server "http://hostname:1500"
The URL is not correct or the server is not running.
I can see the ns-slapd and httpd.worker processes running
(one ns-slapd and 3 httpd.worker processes are running)
I read all the docs on the web and the FAQ at redhat
(Troubleshooting)
Troubleshooting can not help:
- there is no "admin-serv/config/jvm12.conf", (I created but
no effect)
- there is no "<server-root>/bin/https/bin/start-jvm" file
so I can not edit
After 3 days I am out of ideas.
Could anybody help?
TIA,
Laszlo
18 years, 3 months
[Fedora-directory-users] login problem
by matt farey
Hi all,
we have not changed any profile settings, but while I am able to login
as root, users cannot log in, we get an out of disk space error, but
looking around there appears to be enough space.
does anyone know what can cause this, I was thinking log files, or
perhaps a permissions issue.
any help would be gratefully received.
matt
18 years, 3 months