To create users in AD through LDAP standard ops you must:
- create the user without unicodePwd and with userAccountControl stating the
entry is disabled (typically 514)
- add the unicodePwd (a plain text surrounded by " " and converted to
unicode)
- modify the user to activate it;
Luigi VISINTIN wrote:
Hello,
I'm having a lot of trouble within this scenario:
1) ActiveDir on W2k3, several other W2k3 with/without cluster + SqlServer
+ Oracle, then a couple of Linux (RedHat Enterprise) clustered with
mail/web services.
2) added MS Services for Unix (SFU35) on AD, to enable authentication (and
mailbox creation) on the (Linux) mail server without hand creation of mail
users. On Linux we have Cyrus 2.2.12 for imap handling.
3) created a few users in AD by AD GUI, everything works OK also in mail
server
4) to add 700+ real users I wrote a script that takes all info from an XLS
file, then calls 'DSADD' and creates (successfully) all users INSIDE
several OU.
5) then tried to access those users from mailserver, NO WAY, always get
'authentication failure'.
After two+ days of trial and (a lot) of errors, and a lot of searches from
Google on: joeware, rallen, Guillaume Bordier, and (of course) MS sites
(and many others I don't cite...) I'm almost ready to give up.
I was also using LDIFDE to create users, but I keep getting a few errors,
like "Unwilling to perform", etc., and I was not able to find a place with
an exact definition of what the MANDATORY attributes are to create a user with
LDIFDE.
After a while I succeeded in creating users from a script with all the info I
think is needed, but I still have the problem of users not authenticating,
and don't know where to look...
Then I switched to a new script, which uses LDAP objects to create users,
as follows:
A. create the new user, in three steps: part 1 adds the user, then part 2
adds other attributes, then part 3 resets userAccountControl, this last
because I thought the culprit was there... ADS_UF_PASSWD_NOTREQD
'---- part 1
Set oDesOU = GetObject("LDAP://OU=dirgen,OU=Risorse_Umane,DC=istge,DC=priv")
Set objUser = oDesOU.Create("user", "CN=GianFranco.Ciappina")
objUser.Put "cn","GianFranco.Ciappina"
objUser.Put "sAMAccountName","GianFranco.Ciappina"
objUser.SetInfo
'---- part 2
objUser.Put "userPrincipalName","[EMAIL PROTECTED]"
objUser.Put "msSFU30HomeDirectory","/home/gianfranco.ciappina"
objUser.Put "msSFU30LoginShell",usr.get("msSFU30LoginShell")
objUser.Put "msSFU30Name","GianFranco.Ciappina"
objUser.Put "msSFU30GidNumber",usr.get("msSFU30GidNumber")
objUser.Put "msSFU30UidNumber",usr.get("msSFU30UidNumber")
objUser.Put "msSFU30NisDomain",usr.get("msSFU30NisDomain")
objUser.Put "msSFU30Password","G*f*p*3*0*7*!"
objUser.SetInfo
'---- part 3
userActCtrl = objUser.Get("userAccountControl") ' ADS_UF_ACCOUNTDISABLE + ADS_UF_PASSWD_NOTREQD + ADS_UF_DONT_EXPIRE_PASSWD
userActCtrl = userActCtrl And Not (ADS_UF_PASSWD_NOTREQD)
objUser.Put "userAccountControl", userActCtrl
objUser.SetInfo
'----
B. then DSMOD that user to add more attributes (this comes from a previous
version of the script, I hope to change also that part to use directly the
above objuser...), so the password is set once for Unix (SFU3.5) in part 2
above, then in this DSMOD for the actual Windows environment.
C. last step another DSMOD only to set " -canchpwd yes -mustchpwd yes"
At this point from the Linux (RHEL) I'm trying, using telnet on the cyrus
imap tool to authenticate, but here I get my error:
"badlogin [ip...] plaintext gianfranco.ciappina SASL(-13): authentication
failure: checkpass failed"
I've also checked (and subscribed to) activedir.org, but also there no
solution by now...
I'm going crazy.... Can anyone help me?
Thanks
Luigi VISINTIN
---
You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
Ing. Luca Scamoni
Responsabile Ricerca e Sviluppo
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-------------------------------------
Office: +39.0382.573859 (137)
Mobile: +39.347.1014425
Email: [EMAIL PROTECTED]
-------------------------------------
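The three-step sequence from the reply at the top of this thread, written out as LDIF change records. This is an added example, not code from either poster. The names, OU and password are constructed sample values, the function names are hypothetical, and 512 as the "activate" value is an assumption (514 with the disable bit cleared).

```python
import base64

ADS_UF_ACCOUNTDISABLE = 0x0002
ADS_UF_NORMAL_ACCOUNT = 0x0200
DISABLED = ADS_UF_NORMAL_ACCOUNT | ADS_UF_ACCOUNTDISABLE  # 514, as in the reply
ENABLED = ADS_UF_NORMAL_ACCOUNT  # 512: assumed target value for "activate"


def encode_unicode_pwd(password: str) -> bytes:
    """Surround the plain text with double quotes, then encode as UTF-16LE."""
    if not password:
        raise ValueError("empty password")
    return ('"' + password + '"').encode("utf-16-le")


def build_changes(cn: str, parent_dn: str, sam: str, password: str) -> list:
    """Return the three LDIF change records, in the order they must be applied."""
    dn = f"CN={cn},{parent_dn}"
    pwd = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    create = [f"dn: {dn}", "changetype: add", "objectClass: user",
              f"cn: {cn}", f"sAMAccountName: {sam}",
              f"userAccountControl: {DISABLED}"]  # step 1: no unicodePwd here
    set_pwd = [f"dn: {dn}", "changetype: modify", "replace: unicodePwd",
               f"unicodePwd:: {pwd}", "-"]  # step 2: '::' marks a base64 value
    activate = [f"dn: {dn}", "changetype: modify",
                "replace: userAccountControl",
                f"userAccountControl: {ENABLED}", "-"]  # step 3: enable
    return ["\n".join(r) for r in (create, set_pwd, activate)]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    records = build_changes("Example.User", "OU=Staff,DC=example,DC=test",
                            "Example.User", "Constructed-Pw-1!")
    print("\n\n".join(records))
```

AD accepts the unicodePwd write only over an encrypted connection such as LDAPS. The base64 value is an encoding of the password, not protection for it, so the generated file has to be handled as a secret.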