Hi,
On Sun, Dec 18, 2022 at 7:10 PM Oleg Baranov via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
This stays out quite long and I faced absolutely the same behavior
adding 4.10.1 replica to 4.8.7.
Fiddled almost a week with that so posting my solution here in order to
(hopefully) save someone's time.
Problem was with password encryption scheme: 4.8.7 on an older CentOS
did not support PBKDF2-SHA512 used by 4.10.1 on FC37 so password
verification on older OS failed simply due to missing mechs. Logs did
not help to find the problem.
Switching to PBKDF2_SHA256 (not PBKDF2-SHA256) with
dsconf -D "cn=Directory Manager" -W ldaps://auth01.infra.ipa.local config replace passwordStorageScheme=PBKDF2_SHA256
on FC37 made it work.
Use
dsconf -D "cn=Directory Manager" -W ldaps://auth01.infra.ipa.local plugin list
to compare available mechs on master and newly added replica.
Thanks for the report. FYI it's a known 389-ds issue:
https://bugzilla.redhat.com/show_bug.cgi?id=2151071
flo
--
BR,
Oleg
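
Added example, not part of the original messages: one way to do the comparison described above on saved `dsconf ... plugin list` output from both servers. It assumes each file holds one plugin name per line; the function names, file names and sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each input file holds the saved
# output of `dsconf ... plugin list` for one server, one plugin name per line.

# Print the plugin names in FILE: trimmed, blank lines dropped, sorted.
plugin_names() {
    tr -d '\r' < "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        LC_ALL=C sort -u
}

# has_plugin FILE NAME: exact, case-sensitive match, so that PBKDF2_SHA256
# and PBKDF2-SHA256 are treated as different plugins.
has_plugin() {
    plugin_names "$1" | grep -Fxq -e "$2"
}

# scheme_usable SCHEME OLD_FILE NEW_FILE: succeed only if both servers list it.
scheme_usable() {
    has_plugin "$2" "$1" && has_plugin "$3" "$1"
}

# only_on_new OLD_FILE NEW_FILE: names the new server lists and the old one lacks.
only_on_new() {
    plugin_names "$2" | while IFS= read -r name; do
        has_plugin "$1" "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample lists (not real server output).
tmp=$(mktemp -d)
printf '%s\n' 'PBKDF2_SHA256' 'SSHA512' 'SSHA256' > "$tmp/old.plugins"
printf '%s\n' 'PBKDF2_SHA256' 'PBKDF2-SHA256' 'PBKDF2-SHA512' 'SSHA512' 'SSHA256' \
    > "$tmp/new.plugins"

echo "Only on the new replica:"
only_on_new "$tmp/old.plugins" "$tmp/new.plugins"
for scheme in PBKDF2-SHA512 PBKDF2_SHA256; do
    if scheme_usable "$scheme" "$tmp/old.plugins" "$tmp/new.plugins"; then
        echo "$scheme: listed on both servers"
    else
        echo "$scheme: missing on at least one server"
    fi
done
```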