[Fedora-directory-users] PassSync only working one way
nattapon viroonsri
nattaponv at hotmail.com
Wed Jun 14 12:38:00 UTC 2006
When i add user or change password at fds side , it stuck with windows
(2003) default password policy.
So i have to chage to more strict password or disable policy at ads ,
then fds sync with ads completely.( can log on to ads with same password as
fds user)
im not sure this is same case as you.
Regards,
Nattapon
>From: Jeff Gamsby <JFGamsby at lbl.gov>
>Reply-To: "General discussion list for the Fedora Directory server
>project." <fedora-directory-users at redhat.com>
>To: "General discussion list for the Fedora Directory server project."
><fedora-directory-users at redhat.com>
>Subject: [Fedora-directory-users] PassSync only working one way
>Date: Tue, 13 Jun 2006 15:08:03 -0700
>MIME-Version: 1.0
>Received: from hormel.redhat.com ([209.132.177.30]) by
>bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Tue, 13
>Jun 2006 15:08:15 -0700
>Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com
>[10.8.4.110])by hormel.redhat.com (Postfix) with ESMTPid 7DA3A73550; Tue,
>13 Jun 2006 18:08:12 -0400 (EDT)
>Received: from int-mx1.corp.redhat.com
>(int-mx1.corp.redhat.com[172.16.52.254])by listman.util.phx.redhat.com
>(8.13.1/8.13.1) with ESMTP idk5DM8BEP021980for
><fedora-directory-users at listman.util.phx.redhat.com>;Tue, 13 Jun 2006
>18:08:11 -0400
>Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by
>int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP
>idk5DM8B7P010237for <fedora-directory-users at redhat.com>; Tue, 13 Jun 2006
>18:08:11 -0400
>Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by mx1.redhat.com
>(8.12.11.20060308/8.12.11) with ESMTP idk5DM8ATa017845for
><fedora-directory-users at redhat.com>; Tue, 13 Jun 2006 18:08:10 -0400
>Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov
>(8.13.6/8.13.6) with ESMTP id k5DM83Do029430for
><fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 (PDT)
>Received: from [131.243.161.186] (charlie.lbl.gov [131.243.161.186])by
>mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id k5DM82oT029426for
><fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 (PDT)
>X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI=
>User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
>X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1
>X-Virus-Status: Clean
>X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users at redhat.com
>X-BeenThere: fedora-directory-users at redhat.com
>X-Mailman-Version: 2.1.5
>Precedence: junk
>List-Id: "General discussion list for the Fedora Directory server
>project."<fedora-directory-users.redhat.com>
>List-Unsubscribe:
><https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=unsubscribe>
>List-Archive: <https://www.redhat.com/archives/fedora-directory-users>
>List-Post: <mailto:fedora-directory-users at redhat.com>
>List-Help: <mailto:fedora-directory-users-request at redhat.com?subject=help>
>List-Subscribe:
><https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=subscribe>
>Errors-To: fedora-directory-users-bounces at redhat.com
>Return-Path: fedora-directory-users-bounces at redhat.com
>X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC)
>FILETIME=[DEE3D670:01C68F35]
>
>I thought that I had the PassSync working until I ran into this problem:
>
>Passwords are not synchronized from FDS to AD. When accounts are added to
>FDS, they do show up in AD ( Although sometimes the cn attribute gets
>base64 encoded ), but I cannot authenticate to AD. When I change passwords
>in the FDS side, they are not changed ( or not sent ) to AD. If I change
>passwords in AD, they are changed in the FDS.
>
>The logs show that something is happening (changed host names and dn's)
>
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>No linger to cancel on the connection
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin -
>windows_acquire_replica returned success (101)
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>State: ready_to_acquire_replica -> sending_updates
>[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay (agmt="cn=AD"
>(ad:636)): Consumer RUV:
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>{replicageneration} 448f18ae000000010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>{replica 1 ldap://fds:389} 448f18e4000100010000 448f363d03d400010000
>448f363d
>[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay (agmt="cn=AD"
>(ad:636)): Supplier RUV:
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>{replicageneration} 448f18ae000000010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>{replica 1 ldap://fds:389} 448f18e4000100010000 448f363d03d700010000
>448f363d
>[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start:
>anchorcsn=448f363d03d400010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog program -
>agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, position set for
>replay
>[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1
>csn=448f363d03d600010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>windows_replay_update: Looking at modify operation local
>dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group)
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636):
>windows_replay_update: Processing modify operation local
>dn="uid=user,ou=people,dc=server,dc=,dc=" remote
>dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>"
>
>
>I'm not sure what is going on, I can talk via SSL from FDS to AD, and I'm
>assuming that the PassSync service is working properly since the changes
>from AD to FDS work.
>
>Any suggestions?
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the 389-users
mailing list