[Fedora-directory-users] PassSync only working one way

Jeff Gamsby JFGamsby at lbl.gov
Wed Jun 14 16:06:04 UTC 2006


Correct. It was not enabled when I first installed and configured 
PassSync. I tried to use ldapmodify to change the password, but that 
didn't work either.

To use ldapmodify, do I change UnicodePwd?

How do I generate UnicodePwd?

dn: cn=user,cn=users,dc=ad,dc=server,dc=com
changetype: modify
replace: unicodepwd
unicodepwd:

Thanks
Jeff
 

Nathan Kinder wrote:
> Jeff Gamsby wrote:
>>
>> Thanks for responding.
>> I have Windows 2000, the default password policy is disabled by 
>> default, but I did turn it on to see if that was the problem and also 
>> tried more complex passwords when testing. Nothing has worked so far. 
>> I'm not even sure if there are any other tests that I can do, I've 
>> turned up the logging, but it still doesn't give me any clues as to 
>> what is going on.
> Are you saying that you enabled Active Directory's password complexity 
> option?  I'm pretty sure that is required for passwords to sync from 
> FDS -> AD.  You could also attempt to use ldapmodify against AD to 
> remotely change a user's password over SSL as a test.
>
> It sounds like everything with the PassSync service is fine since 
> passwords are working from AD -> FDS.
>
> -NGK
>>
>> Thanks,
>> Jeff
>>
>> nattapon viroonsri wrote:
>>>
>>> When I add user or change password at fds side, it stuck with 
>>> Windows (2003) default password policy.
>>> So I have to change to more strict password or disable policy at ads,
>>> then fds sync with ads completely. (can log on to ads with same 
>>> password as fds user)
>>>
>>> I'm not sure this is same case as you.
>>>
>>> Regards,
>>> Nattapon
>>>
>>>
>>>> From: Jeff Gamsby <JFGamsby at lbl.gov>
>>>> Reply-To: "General discussion list for the Fedora Directory server 
>>>> project." <fedora-directory-users at redhat.com>
>>>> To: "General discussion list for the Fedora Directory server 
>>>> project." <fedora-directory-users at redhat.com>
>>>> Subject: [Fedora-directory-users] PassSync only working one way
>>>> Date: Tue, 13 Jun 2006 15:08:03 -0700
>>>>
>>>> I thought that I had the PassSync working until I ran into this 
>>>> problem:
>>>>
>>>> Passwords are not synchronized from FDS to AD.  When accounts are 
>>>> added to FDS, they do show up in AD ( Although sometimes the cn 
>>>> attribute gets base64 encoded ), but I cannot authenticate to AD. 
>>>> When I change passwords in the FDS side, they are not changed ( or 
>>>> not sent ) to AD. If I change passwords in AD, they are changed in 
>>>> the FDS.
>>>>
>>>> The logs show that something is happening (changed host names and 
>>>> dn's)
>>>>
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): No linger to cancel on the connection
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - 
>>>> windows_acquire_replica returned success (101)
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): State: ready_to_acquire_replica -> sending_updates
>>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay 
>>>> (agmt="cn=AD" (ad:636)): Consumer RUV:
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): {replicageneration} 448f18ae000000010000
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 
>>>> 448f363d03d400010000 448f363d
>>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay 
>>>> (agmt="cn=AD" (ad:636)): Supplier RUV:
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): {replicageneration} 448f18ae000000010000
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 
>>>> 448f363d03d700010000 448f363d
>>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: 
>>>> anchorcsn=448f363d03d400010000
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog 
>>>> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, 
>>>> position set for replay
>>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 
>>>> csn=448f363d03d600010000
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): windows_replay_update: Looking at modify operation local 
>>>> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group)
>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" 
>>>> (ad:636): windows_replay_update: Processing modify operation local 
>>>> dn="uid=user,ou=people,dc=server,dc=,dc=" remote 
>>>> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>"
>>>>
>>>>
>>>> I'm not sure what is going on, I can talk via SSL from FDS to AD, 
>>>> and I'm assuming that the PassSync service is working properly 
>>>> since the changes from AD to FDS work.
>>>>
>>>> Any suggestions?
>>>>
>>>>
>>>> -- 
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users

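An added example, not part of the original thread, for the question of how to produce a unicodePwd value for ldapmodify: Active Directory expects the new password wrapped in double quotes and encoded as UTF-16LE, which LDIF carries as base64 after a double colon, and it only accepts the write over an encrypted connection such as the SSL port mentioned above. The function names and the sample password are constructed for illustration; the DN is the one from the message.

```python
import base64

def unicode_pwd_bytes(password: str) -> bytes:
    # AD expects the password wrapped in double quotes, then encoded as UTF-16LE.
    return f'"{password}"'.encode("utf-16-le")

def ldif_b64(password: str) -> str:
    # Binary values are written in LDIF as base64 after "attr::".
    return base64.b64encode(unicode_pwd_bytes(password)).decode("ascii")

def reset_ldif(dn: str, new_password: str) -> str:
    # Administrative reset: one "replace" of unicodePwd.
    # Assumes an ASCII DN; a non-ASCII DN would itself need "dn::" and base64.
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {ldif_b64(new_password)}",
        "-",
        "",
    ])

def change_ldif(dn: str, old_password: str, new_password: str) -> str:
    # User-initiated change: delete the old value and add the new one
    # in a single modify operation.
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "delete: unicodePwd",
        f"unicodePwd:: {ldif_b64(old_password)}",
        "-",
        "add: unicodePwd",
        f"unicodePwd:: {ldif_b64(new_password)}",
        "-",
        "",
    ])

def decode_unicode_pwd(b64_value: str) -> str:
    # Sanity check for a hand-built value; raises ValueError if malformed.
    text = base64.b64decode(b64_value, validate=True).decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("unicodePwd value is not wrapped in double quotes")
    return text[1:-1]

if __name__ == "__main__":
    # Constructed sample password; the DN is the one shown in the message.
    print(reset_ldif("cn=user,cn=users,dc=ad,dc=server,dc=com", "newPassword"))
```

The printed LDIF can be fed to ldapmodify bound to the AD SSL port; if the value is sent without the quotes or as plain UTF-8, AD rejects the modify.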


