3:31 a.m.
Hi!
I followed the steps of Red Hat document to implement Windows 2000 sync
with FDS. After my "initial re-synchronization" process was done, I
checked my directory tree.
I saw some entries like "cn=Domain Admins, ou=People, dc=example,
dc=com", and it contained "Members/Static Group - uid=Administrator, ,
ou=People, dc=example, dc=com"
in its properties. But I could not find the real entry dn named
"uid=Administrator, , ou=People, dc=example, dc=com" in my ds tree. Is
it the correct result? Or I did
something wrong with configuration. Please tell me how to fix the
problem. Thanks a lot.
Regards
Joe Yu
8:02 a.m.
I got the same result when i did it .I guess its normal
On 10/26/05, joe <joe(a)openpower.com.tw> wrote:
Hi!
I followed the steps of Red Hat document to implement Windows 2000 sync
with FDS. After my "initial re-synchronization" process was done, I checked
my directory tree.
I saw some entries like "cn=Domain Admins, ou=People, dc=example, dc=com",
and it contained "Members/Static Group - uid=Administrator, , ou=People,
dc=example, dc=com"
in its properties. But I could not find the real entry dn named
"uid=Administrator, , ou=People, dc=example, dc=com" in my ds tree. Is it
the correct result? Or I did
something wrong with configuration. Please tell me how to fix the problem.
Thanks a lot.
Regards
Joe Yu
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Thanks and Regards
Nabeel Moidu
System Administrator
OnMobile System Inc
Bangalore, India
www.onmobile.com <http://www.onmobile.com>
If we don't believe in freedom of expression for people we despise, we don't
believe in it at all. Noam Chomsky
8:53 a.m.
joe wrote:
Hi!
I followed the steps of Red Hat document to implement Windows 2000
sync with FDS. After my "initial re-synchronization" process was done,
I checked my directory tree.
I saw some entries like "cn=Domain Admins, ou=People, dc=example,
dc=com", and it contained "Members/Static Group - uid=Administrator, ,
ou=People, dc=example, dc=com"
in its properties. But I could not find the real entry dn named
"uid=Administrator, , ou=People, dc=example, dc=com" in my ds tree. Is
it the correct result? Or I did
something wrong with configuration. Please tell me how to fix the
problem. Thanks a lot.
I think it's ok. Administrator is a "pseudo" user - it's only used for
Windows domain administration. I don't think it follows the schema for
a user. Does the Administrator entry have a full name or a surname?
There are other pseudo users that fall into this category, such as the
kerberos kdc user. You could probably fill in the missing attributes
and make it sync over, but it doesn't really matter unless you want to
use the Administrator entry on unix.
Regards
Joe Yu
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
9:44 a.m.
Rich Megginson wrote:
I think it's ok. Administrator is a "pseudo" user -
it's only used
for Windows domain administration. I don't think it follows the
schema for a user. Does the Administrator entry have a full name or a
surname? There are other pseudo users that fall into this category,
such as the kerberos kdc user. You could probably fill in the missing
attributes and make it sync over, but it doesn't really matter unless
you want to use the Administrator entry on unix.
True (in fact, the special users in AD are not supposed to get sync'ed
at all),
but I'm puzzled about the group member being sync'ed. By design, only
group members that are also already present in the peer directory should
be sync'ed. Therefore, if things are working to plan, the Administrator user
should not be sync'ed, and neither should any group member that has its
DN.
9:53 p.m.
New subject: [Fedora-directory-users] Re: Aboout Winsync
於 三,2005-10-26 於 08:44 -0600,David Boreham 提到:
Rich Megginson wrote:
> I think it's ok. Administrator is a "pseudo" user - it's only
used
> for Windows domain administration. I don't think it follows the
> schema for a user. Does the Administrator entry have a full name or a
> surname? There are other pseudo users that fall into this category,
> such as the kerberos kdc user. You could probably fill in the missing
> attributes and make it sync over, but it doesn't really matter unless
> you want to use the Administrator entry on unix.
True (in fact, the special users in AD are not supposed to get sync'ed
at all),
but I'm puzzled about the group member being sync'ed. By design, only
group members that are also already present in the peer directory should
be sync'ed. Therefore, if things are working to plan, the Administrator user
should not be sync'ed, and neither should any group member that has its
DN.
Thanks for all of these answers. But I still have a problem with it. I
try to add some users in
my AD and fill their property values, such as full name, surname. Then I
invoke sync process
again and check my directory tree in my FDS. It still have no user sync
from AD. What's wrong
with it? Do I miss something important?
Regards
Joe
10:04 p.m.
New subject: [Fedora-directory-users] Re: Aboout Winsync
You did the full synchronization first? Did it go to completion? If
not, were there any errors in the error log? If so, did you wait 5
minutes (the default) for the users to be sync'd from AD to FDS after
making the updates on AD? You should also be able to do the Send
Updates Now from the console to pick up the changes.
joe wrote:
於 三,2005-10-26 於 08:44 -0600,David Boreham 提到:
>Rich Megginson wrote:
>
>> I think it's ok. Administrator is a "pseudo" user - it's only
used
>> for Windows domain administration. I don't think it follows the
>> schema for a user. Does the Administrator entry have a full name or a
>> surname? There are other pseudo users that fall into this category,
>> such as the kerberos kdc user. You could probably fill in the missing
>> attributes and make it sync over, but it doesn't really matter unless
>> you want to use the Administrator entry on unix.
>
>True (in fact, the special users in AD are not supposed to get sync'ed
>at all),
>but I'm puzzled about the group member being sync'ed. By design, only
>group members that are also already present in the peer directory should
>be sync'ed. Therefore, if things are working to plan, the Administrator user
>should not be sync'ed, and neither should any group member that has its
>DN.
>
>
>
Thanks for all of these answers. But I still have a problem with it. I
try to add some users in
my AD and fill their property values, such as full name, surname. Then
I invoke sync process
again and check my directory tree in my FDS. It still have no user
sync from AD. What's wrong
with it? Do I miss something important?
Regards
Joe
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
9:06 a.m.
joe wrote:
I followed the steps of Red Hat document to implement Windows 2000
sync with FDS. After my "initial re-synchronization" process was done,
I checked my directory tree.
I saw some entries like "cn=Domain Admins, ou=People, dc=example,
dc=com", and it contained "Members/Static Group - uid=Administrator, ,
ou=People, dc=example, dc=com"
in its properties. But I could not find the real entry dn named
"uid=Administrator, , ou=People, dc=example, dc=com" in my ds tree. Is
it the correct result? Or I did
This looks wrong. The double comma in the DN should be illegal.
I don't believe this is a known problem -- I've never seen this
particular issue reported before.
Do you otherwise get correct sync results ?
i.e. do your regular users and groups get sync'ed ok ?
If you enable replication logging, then run a re-sync,
there will probably be something in the error log
pertaining to this entry. That might tell us what's going wrong.
6755
days inactive
6757
days old
389-users@lists.fedoraproject.org
6 comments
4 participants
participants (4)
-
David Boreham -
joe -
Nabeel Moidu -
Rich Megginson