We had the log level set to 1. Turns out, our AD server had to have our domain CA’s
certificate imported into the AD server’s personal certificate store. Apparently our
Windows admins have been doing this, but it wasn't documented in our procedures so
when we threw two new people at it, neither of us knew about the undocumented procedure.
Thanks!
Geoff Hardin
geoff.hardin(a)raytheon.com
This message contains information that may be confidential and privileged. Unless you are
the addressee (or authorized to receive mail for the addressee), you should not use, copy
or disclose to anyone this message or any information contained in this message. If you
have received this message in error, please so advise the sender by reply e-mail and
delete this message. Thank you for your cooperation.
From: Alberto Viana [mailto:albertocrj@gmail.com]
Sent: Thursday, December 21, 2017 07:19
To: General discussion list for the 389 Directory server project.
<389-users(a)lists.fedoraproject.org>
Subject: [External] [389-users] Re: 389 PassSync 1.1.7 and WIndows Server 2012R2
Hi,
Did you try change the log level?
HKEY_LOCAL_MACHINE\SOFTWARE\PasswordSync
Change LogLevel to 1 (If Im not wrong, the default is 0).
Restart the service and check de log again.
Hope that helps.
On Wed, Dec 20, 2017 at 6:28 PM, Geoff Hardin <geoff.hardin(a)raytheon.com> wrote:
We are implementing PassSync 1.1.7 in a Windows Server 2012R2 domain and I am not seeing
any indication the passsync.log file that passwords are being sent to the 389 DS. I have
confirmed that the PassSync service starts without an error on the two Active Directory
domain controllers, and the OU structure and user accounts have synced between Windows and
389. At this point, it just not sending password changes to the 389 DS. I was wondering if
there was documentation that described any required security settings within the Windows
domain? I am afraid that we have enabled some security setting in a GPO.
Geoff Hardin
geoff.hardin(a)raytheon.com
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org