[Fedora-directory-users] Trouble getting windows to talk to fds
by Bliss, Aaron
Hi everyone,
I'm having trouble with the directions in the wiki that deals with
getting windows to sync with fds; I'm having trouble with this step;
there are 2 files in my /opt/fedora-ds/alias file; 1 is the cert
database, the other is the key database; are either of these the
parameters that I'm supposed to be passing the -P option below? Thanks
for your help.
Aaron
* From your Fedora Directory Server, export the server certificate
using pk12util.
cd "/opt/fedora-ds/alias/"
pk12util -d . -P slapd-<instance> -o servercert.p12 -n Server-Cert
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
17 years, 6 months
[Fedora-directory-users] Checking password syntax issue with fds 1.0.2
by Bliss, Aaron
Hi everyone,
I have a global password policy setup defined as follows:
Minimum length 8
Min required digits 1
Min required upper case 1
Min required lower case 1
Min required special 1
Min required char categories 3
What I've found though is that fds seems to be ignoring the minimum
required character categories, as it will only accept passwords that
meet all of the above criteria; has anyone else seen this issue? Is
there anything else I can do to troubleshoot this? Thanks very much.
Aaron
17 years, 6 months
[Fedora-directory-users] Console can't connect or get status of Directory Server
by Aaron Cline
Hi folks:
I've been playing with FDS and somehow I think I broke my setup. My console
can no longer get the correct "status" of my directory server. It says that
the DS is stopped though I can still query it so I don't think it is. Also,
when I try to open a DS window, the console tells me it can't connect.
I think the error is related to this:
[01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from 192.168.225.240 to 192.168.225.240
[01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No certificate authority is trusted for SSL client authentication.
I'm using a Cert signed by Verisign so I'm not sure why this wouldn't work.
Can anyone shed some light? Maybe this is just a PKI problem that I don't
understand.
Also, I don't think I want SSL client authentication... I think I just want
SSL Server authentication. Did I turn something on that I shouldn't?
Thanks for any help.
Aaron
17 years, 6 months
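An added example, not part of the original post: a small Python triage script that pairs each connection-open record in a Directory Server access log with its close record and reports connections closed before any LDAP operation ran (op=-1), as in the two log lines quoted in the message above. The sample log is constructed from those two lines plus a hypothetical normal connection; the function name and the sample bind DN are assumptions of this example.

```python
import re

# Constructed sample: the two lines quoted in the message (unwrapped),
# followed by one ordinary LDAP connection for contrast.
SAMPLE_LOG = """\
[01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from 192.168.225.240 to 192.168.225.240
[01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No certificate authority is trusted for SSL client authentication.
[01/Nov/2006:10:43:02 +0000] conn=85 fd=67 slot=67 connection from 192.168.225.10 to 192.168.225.240
[01/Nov/2006:10:43:02 +0000] conn=85 op=0 BIND dn="uid=test,dc=example,dc=com" method=128 version=3
[01/Nov/2006:10:43:02 +0000] conn=85 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[01/Nov/2006:10:43:02 +0000] conn=85 op=1 UNBIND
[01/Nov/2006:10:43:02 +0000] conn=85 op=1 fd=67 closed - U1
"""

OPEN_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) fd=\d+ slot=\d+ "
                     r"(?P<ssl>SSL )?connection from (?P<src>\S+) to (?P<dst>\S+)")
CLOSE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) "
                      r"fd=\d+ closed - (?P<reason>.*)$")
OP_RE = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<verb>[A-Z]+)")


def failed_before_first_op(log_text):
    """Return connections that were closed with no LDAP operation on them."""
    conns = {}      # open connections, keyed by conn id
    failures = []
    for line in log_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            conns[m["conn"]] = {"conn": int(m["conn"]), "ssl": bool(m["ssl"]),
                                "src": m["src"], "ops": 0}
            continue
        m = CLOSE_RE.match(line)
        if m:
            info = conns.pop(m["conn"], None)
            # op=-1 on the close record means no operation was ever received
            if info and info["ops"] == 0 and m["op"] == "-1":
                info.update(closed_at=m["ts"], reason=m["reason"])
                failures.append(info)
            continue
        m = OP_RE.match(line)
        if m and m["conn"] in conns:
            conns[m["conn"]]["ops"] += 1
    return failures


if __name__ == "__main__":
    for f in failed_before_first_op(SAMPLE_LOG):
        print(f["closed_at"], "conn", f["conn"], "from", f["src"], "-", f["reason"])
```
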
[Fedora-directory-users] Linux password change/expiration issue
by Kyle Tucker
Hi,
I am trying to get password expiration to work on FC5/FDS 1.0.2
and having mixed results. I have set a user's shadowAccount attributes
as expired using the following values (with today being 13452):
shadowFlag: 0
shadowExpire: -1
shadowInactive: -1
shadowWarning: 0
shadowMax: 1
shadowMin: 1
shadowLastChange: 13452
All seems well when I log in.
You are required to change your LDAP password immediately.
Last login: Wed Nov 1 07:51:14 2006 from lin1000
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user fjones.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information changed for fjones
passwd: all authentication tokens updated successfully.
Connection to lin2600 closed.
Except I get booted off and this is the /var/log/secure
Nov 1 07:55:18 lin2600 passwd: pam_unix(passwd:chauthtok): user "fjones" does not exist in /etc/passwd
Nov 1 07:55:29 lin2600 passwd: pam_unix(passwd:chauthtok): user "fjones" does not exist in /etc/passwd
Nov 1 07:55:29 lin2600 sshd[17557]: pam_unix(sshd:session): session closed for user fjones
Attempts to log in again accept the new password, which has changed in LDAP,
but I am asked to go through the same loop of changing the password again.
The shadow* attributes are NOT changed however. So that's either my culprit
or maybe the PAM password entries are not right. That looks like this:
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
Finally, at the end of this document:
(http://directory.fedora.redhat.com/wiki/Howto:PAM)
It says to add the following to enable password expirations.
dn: cn=config
changetype: modify
add: passwordExp
passwordExp: on
-
add: passwordMaxAge
passwordMaxAge: 8640000
But my other tests seem to indicate some parts of expiration in fact
work. Is the above entry necessary?
Thanks so much.
--
- Kyle
---------------------------------------------
kylet(a)panix.com http://www.panix.com/~kylet
---------------------------------------------
17 years, 6 months
[Fedora-directory-users] I need some help
by Junaid
Hi,
I am a student doing my graduation in CS, and I am working on my project, Fedora Directory Server. Can you help me with how to authenticate a Windows XP client from Fedora Directory Server? Is there any extra configuration of software we require?
Thanks
I am waiting for your reply
17 years, 6 months