After reviewing the debugging logs I realized the following:
When I create a new account, it isn't synced correctly to AD unless I select
"create new NT account" in the NT User form. Other than that, accounts
aren't added to the AD even if I ran the process "reinitialized AD"!
The problem I am facing now is how to add the three new fields for all of my
10000 user accounts before migrating to FDS and making sure that NT-Username
is the same as Username!
Does anybody have ideas?
By the way, Daniel, thanks for your help :)
Regards,
Abdelrahman
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Daniel
Shackelford
Sent: Tuesday, April 04, 2006 10:33 PM
To: FedoraUsers
Subject: [Fedora-directory-users] Re: FDS AD Sync
It looks like your PassSync setup is working well. We should focus on
the FDS side of things. In your replication agreement, are you using
SSL and connecting to AD using port 636? Have you verified that you can
connect to AD via SSL using another LDAP client like JXplorer? You will
probably want to increase your logging level to include more replication
info.
In the console, you should change the settings for your error log to
include replication info:
1. Log into console
2. Open your directory server
3. Click on the Config tab
4. Expand the Logs tree on the left
5. Select Error Log
6. Scroll down the form on the right until you see the Log Level list
7. Ctrl-click on the Replication entry
8. Click Save
Now you should be getting all replication data in your logs, in addition
to errors.
The following command will set up an SSL proxy on port 8638 that forwards
connections to ADServer.domain.com. In the process it will decode the
SSL traffic, dump extra info, and continue listening after the first
connection, and dump everything into ~/ssltap.log
ssltap -sxl -p 8636 ADServer.domain.com:636 > ~/ssltap.log
In order to use this to debug replication you may have to set up a dummy
replication agreement, dummy OU and dummy users. Point to the local
host and port 8636 for the port, and then see what comes out. This is
totally and completely experimental on my part, and I have not done this
exact setup.
--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648
"For even the Son of Man did not come to be served, but to serve, and to
give His life a ransom for many"
Mark 10:45
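For the bulk change asked about at the top of this thread, one approach is to generate an LDIF of modify operations and apply it with ldapmodify. This is an added example, not code from either poster or from the FDS project. It assumes the three fields are the ntUser object class, ntUserDomainId and ntUserCreateNewAccount of the Windows Sync schema, and that each entry's uid is the wanted NT username; the SAMPLE entries are constructed.

```python
import base64
import re

# Assumed attribute names (the post does not name its three fields): the
# Windows Sync schema of Fedora Directory Server.
BAD_SAM = re.compile(r'["/\\\[\]:;|=,+*?<>]')  # AD rejects these in sAMAccountName
SAFE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*")  # LDIF SAFE-STRING

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 ('attr:: ...') when LDIF needs it."""
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def sync_ldif(entries):
    """entries: (dn, uid, objectClasses) tuples -> (ldif_text, skipped)."""
    records, skipped, seen = [], [], set()
    for dn, uid, classes in entries:
        if "ntuser" in (c.lower() for c in classes):
            continue  # already carries the sync attributes
        if not 1 <= len(uid) <= 20:
            reason = "length"  # sAMAccountName holds at most 20 characters
        elif BAD_SAM.search(uid):
            reason = "character"
        elif uid.lower() in seen:
            reason = "duplicate"  # AD account names are case-insensitive
        else:
            reason = None
        if reason:
            skipped.append((dn, reason))
            continue
        seen.add(uid.lower())
        records.append("\n".join([
            ldif_line("dn", dn), "changetype: modify",
            "add: objectClass", "objectClass: ntUser", "-",
            "add: ntUserDomainId", ldif_line("ntUserDomainId", uid), "-",
            "add: ntUserCreateNewAccount", "ntUserCreateNewAccount: true", "-",
        ]))
    return "\n\n".join(records) + "\n", skipped

SAMPLE = [  # constructed entries, not taken from the post
    ("uid=asmith,ou=People,dc=example,dc=com", "asmith", ["inetOrgPerson"]),
    ("uid=bjones,ou=People,dc=example,dc=com", "bjones", ["inetOrgPerson", "ntUser"]),
    ("uid=d:ray,ou=People,dc=example,dc=com", "d:ray", ["inetOrgPerson"]),
    ("uid=zoë,ou=People,dc=example,dc=com", "zoë", ["inetOrgPerson"]),
    ("uid=ASmith,ou=Staff,dc=example,dc=com", "ASmith", ["inetOrgPerson"]),
]

if __name__ == "__main__":
    ldif, skipped = sync_ldif(SAMPLE)
    print(ldif)
    print(skipped)
```

Entries returned in the skipped list need a hand-chosen NT username before they can sync, since AD would refuse the value copied from uid.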