[389-users] Passsync not changing passwords

Daniel Franciscus dfrancis at ias.edu
Wed Feb 18 23:19:08 UTC 2015 

Ah, I do not see passhook.dat or passhook.log. I tried uninstalling and re-installing but I still do not see those files there. 









Dan Franciscus 
Systems Administrator 
Information Technology Group 
Institute for Advanced Study 
609-734-8138 


----- Original Message -----

From: "Noriko Hosoi" <nhosoi at redhat.com> 
To: 389-users at lists.fedoraproject.org 
Sent: Wednesday, February 18, 2015 5:24:33 PM 
Subject: Re: [389-users] Passsync not changing passwords 


On 02/18/2015 11:45 AM, Daniel Franciscus wrote: 



Yes, logging is set to 1. No errors at all, as if passsync is not detecting a password change. 

Sorry, I was not precise about the passhook log. 

cd C:\windows\system32 
ls passhook* 

You should be able to see 3 files: passhook.dat, passhook.dll, and passhook.log. 

Do you see any logs in the passhook.log file? For instance, my test shows these messages on successful sync. Do you see them? 

<blockquote>
02/18/15 14:16:34 user AD_sync_user6 password changed 
02/18/15 14:16:34 0 entries loaded from file 
02/18/15 14:16:34 1 entries saved to file 

</blockquote>
If empty even if you update any password on AD, you may need to reboot the Windows machine... 


<blockquote>

I am going to reboot the server after production hours again to see if that resolves it. 









Dan Franciscus 
Systems Administrator 
Information Technology Group 
Institute for Advanced Study 
609-734-8138 


----- Original Message -----

From: "Noriko Hosoi" <nhosoi at redhat.com> 
To: 389-users at lists.fedoraproject.org 
Sent: Wednesday, February 18, 2015 2:01:41 PM 
Subject: Re: [389-users] Passsync not changing passwords 


On 02/18/2015 05:17 AM, Daniel Franciscus wrote: 

<blockquote>

Hello, 


We have two Windows server 2003 domain controllers and I installed passsync on both servers in order to sync password changes to our 389 LDAP. On one domain controller, it appears passsync is working correctly as I can see in the passsync.log when I change a password through that domain controller. On the other domain controller, when I change a password I do not see any activity in the passsync.log at all. I have passsync on both domain controllers set to verbose logging. I also restarted both domain controllers after installing passsync. 


On the domain controller that is not syncing passwords the log appears as: 



02/18/15 07:52:59: PassSync service initialized 
02/18/15 07:52:59: PassSync service running 
02/18/15 07:52:59: No entries yet 
02/18/15 07:52:59: Password list is empty. Waiting for passhook event 


Does anyone have an idea of what the issue could be? 
</blockquote>
What is the version of PassSync? The latest is 1.1.6. 
http://www.port389.org/docs/389ds/releases/release-passsync-1-1-6.html 

Did yo have a chance to enable passhook log? 

In the regedit, go to: HKEY_LOCAK_MACHINE --> SOFTWARE\PasswordSync 
then, set 1 to Log Level. 

If you add or modify a password on the Windows Server 2003 domain cotroller, what do you get? Any errors? 


<blockquote>










Dan Franciscus 
Systems Administrator 
Information Technology Group 
Institute for Advanced Study 
609-734-8138 




--
389 users mailing list 389-users at lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users 
</blockquote>


-- 
389 users mailing list 
389-users at lists.fedoraproject.org 
https://admin.fedoraproject.org/mailman/listinfo/389-users 


--
389 users mailing list 389-users at lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users 
</blockquote>


-- 
389 users mailing list 
389-users at lists.fedoraproject.org 
https://admin.fedoraproject.org/mailman/listinfo/389-users 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20150218/d237846f/attachment.html>

More information about the 389-users mailing list