[Fedora-directory-users] PassSync only working one way

Wed Jun 14 12:38:00 UTC 2006

When i add user or change password at fds side , it stuck with windows 
(2003)  default password policy.
So i  have to chage to more strict password or disable policy at ads ,
then fds  sync with ads completely.( can log on to ads with same password as 
fds user)

im not sure this is  same case as you.

Regards,
Nattapon

>From: Jeff Gamsby <JFGamsby at lbl.gov>
>Reply-To: "General discussion list for the Fedora Directory server 
>project." <fedora-directory-users at redhat.com>
>To: "General discussion list for the Fedora Directory server project." 
><fedora-directory-users at redhat.com>
>Subject: [Fedora-directory-users] PassSync only working one way
>Date: Tue, 13 Jun 2006 15:08:03 -0700
>MIME-Version: 1.0
>Received: from hormel.redhat.com ([209.132.177.30]) by 
>bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Tue, 13 
>Jun 2006 15:08:15 -0700
>Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com 
>[10.8.4.110])by hormel.redhat.com (Postfix) with ESMTPid 7DA3A73550; Tue, 
>13 Jun 2006 18:08:12 -0400 (EDT)
>Received: from int-mx1.corp.redhat.com 
>(int-mx1.corp.redhat.com[172.16.52.254])by listman.util.phx.redhat.com 
>(8.13.1/8.13.1) with ESMTP idk5DM8BEP021980for 
><fedora-directory-users at listman.util.phx.redhat.com>;Tue, 13 Jun 2006 
>18:08:11 -0400
>Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by 
>int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP 
>idk5DM8B7P010237for <fedora-directory-users at redhat.com>; Tue, 13 Jun 2006 
>18:08:11 -0400
>Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by mx1.redhat.com 
>(8.12.11.20060308/8.12.11) with ESMTP idk5DM8ATa017845for 
><fedora-directory-users at redhat.com>; Tue, 13 Jun 2006 18:08:10 -0400
>Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov 
>(8.13.6/8.13.6) with ESMTP id k5DM83Do029430for 
><fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 (PDT)
>Received: from [131.243.161.186] (charlie.lbl.gov [131.243.161.186])by 
>mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id k5DM82oT029426for 
><fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 (PDT)
>X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI=
>User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
>X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1
>X-Virus-Status: Clean
>X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users at redhat.com
>X-BeenThere: fedora-directory-users at redhat.com
>X-Mailman-Version: 2.1.5
>Precedence: junk
>List-Id: "General discussion list for the Fedora Directory server 
>project."<fedora-directory-users.redhat.com>
>List-Unsubscribe: 
><https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=unsubscribe>
>List-Archive: <https://www.redhat.com/archives/fedora-directory-users>
>List-Post: <mailto:fedora-directory-users at redhat.com>
>List-Help: <mailto:fedora-directory-users-request at redhat.com?subject=help>
>List-Subscribe: 
><https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=subscribe>
>Errors-To: fedora-directory-users-bounces at redhat.com
>Return-Path: fedora-directory-users-bounces at redhat.com
>X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) 
>FILETIME=[DEE3D670:01C68F35]
>
>I thought that I had the PassSync working until I ran into this problem:
>
>Passwords are not synchronized from FDS to AD.  When accounts are added to 
>FDS, they do show up in AD ( Although sometimes the cn attribute gets 
>base64 encoded ), but I cannot authenticate to AD. When I change passwords 
>in the FDS side, they are not changed ( or not sent ) to AD. If I change 
>passwords in AD, they are changed in the FDS.
>
>The logs show that something is happening (changed host names and dn's)
>
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>No linger to cancel on the connection
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - 
>windows_acquire_replica returned success (101)
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>State: ready_to_acquire_replica -> sending_updates
>[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay (agmt="cn=AD" 
>(ad:636)): Consumer RUV:
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>{replicageneration} 448f18ae000000010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>{replica 1 ldap://fds:389} 448f18e4000100010000 448f363d03d400010000 
>448f363d
>[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay (agmt="cn=AD" 
>(ad:636)): Supplier RUV:
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>{replicageneration} 448f18ae000000010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>{replica 1 ldap://fds:389} 448f18e4000100010000 448f363d03d700010000 
>448f363d
>[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: 
>anchorcsn=448f363d03d400010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog program - 
>agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, position set for 
>replay
>[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 
>csn=448f363d03d600010000
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>windows_replay_update: Looking at modify operation local 
>dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group)
>[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): 
>windows_replay_update: Processing modify operation local 
>dn="uid=user,ou=people,dc=server,dc=,dc=" remote 
>dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>"
>
>
>I'm not sure what is going on, I can talk via SSL from FDS to AD, and I'm 
>assuming that the PassSync service is working properly since the changes 
>from AD to FDS work.
>
>Any suggestions?
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/