I thought that I had the PassSync working until I ran into this problem:
Passwords are not synchronized from FDS to AD. When accounts are added
to FDS, they do show up in AD ( Although sometimes the cn attribute gets
base64 encoded ), but I cannot authenticate to AD. When I change
passwords in the FDS side, they are not changed ( or not sent ) to AD.
If I change passwords in AD, they are changed in the FDS.
The logs show that something is happening (changed host names and dn''s)
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): No linger to cancel on the connection
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned success (101)
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> sending_updates
[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Consumer RUV:
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000
448f363d03d400010000 448f363d
[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Supplier RUV:
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000
448f363d03d700010000 448f363d
[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start:
anchorcsn=448f363d03d400010000
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog program -
agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, position set
for
replay
[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1
csn=448f363d03d600010000
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group)
[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=,dc=" remote
dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>"
I''m not sure what is going on, I can talk via SSL from FDS to AD, and
I''m assuming that the PassSync service is working properly since the
changes from AD to FDS work.
Any suggestions?
nattapon viroonsri
2006-Jun-14 12:38 UTC
RE: [Fedora-directory-users] PassSync only working one way
When i add user or change password at fds side , it stuck with windows (2003) default password policy. So i have to chage to more strict password or disable policy at ads , then fds sync with ads completely.( can log on to ads with same password as fds user) im not sure this is same case as you. Regards, Nattapon>From: Jeff Gamsby <JFGamsby@lbl.gov> >Reply-To: "General discussion list for the Fedora Directory server >project." <fedora-directory-users@redhat.com> >To: "General discussion list for the Fedora Directory server project." ><fedora-directory-users@redhat.com> >Subject: [Fedora-directory-users] PassSync only working one way >Date: Tue, 13 Jun 2006 15:08:03 -0700 >MIME-Version: 1.0 >Received: from hormel.redhat.com ([209.132.177.30]) by >bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Tue, 13 >Jun 2006 15:08:15 -0700 >Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com >[10.8.4.110])by hormel.redhat.com (Postfix) with ESMTPid 7DA3A73550; Tue, >13 Jun 2006 18:08:12 -0400 (EDT) >Received: from int-mx1.corp.redhat.com >(int-mx1.corp.redhat.com[172.16.52.254])by listman.util.phx.redhat.com >(8.13.1/8.13.1) with ESMTP idk5DM8BEP021980for ><fedora-directory-users@listman.util.phx.redhat.com>;Tue, 13 Jun 2006 >18:08:11 -0400 >Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >idk5DM8B7P010237for <fedora-directory-users@redhat.com>; Tue, 13 Jun 2006 >18:08:11 -0400 >Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by mx1.redhat.com >(8.12.11.20060308/8.12.11) with ESMTP idk5DM8ATa017845for ><fedora-directory-users@redhat.com>; Tue, 13 Jun 2006 18:08:10 -0400 >Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >(8.13.6/8.13.6) with ESMTP id k5DM83Do029430for ><fedora-directory-users@redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 (PDT) >Received: from [131.243.161.186] (charlie.lbl.gov [131.243.161.186])by >mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id k5DM82oT029426for ><fedora-directory-users@redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 (PDT) >X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI>User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >X-Virus-Status: Clean >X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users@redhat.com >X-BeenThere: fedora-directory-users@redhat.com >X-Mailman-Version: 2.1.5 >Precedence: junk >List-Id: "General discussion list for the Fedora Directory server >project."<fedora-directory-users.redhat.com> >List-Unsubscribe: ><https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=unsubscribe> >List-Archive: <https://www.redhat.com/archives/fedora-directory-users> >List-Post: <mailto:fedora-directory-users@redhat.com> >List-Help: <mailto:fedora-directory-users-request@redhat.com?subject=help> >List-Subscribe: ><https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=subscribe> >Errors-To: fedora-directory-users-bounces@redhat.com >Return-Path: fedora-directory-users-bounces@redhat.com >X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >FILETIME=[DEE3D670:01C68F35] > >I thought that I had the PassSync working until I ran into this problem: > >Passwords are not synchronized from FDS to AD. When accounts are added to >FDS, they do show up in AD ( Although sometimes the cn attribute gets >base64 encoded ), but I cannot authenticate to AD. When I change passwords >in the FDS side, they are not changed ( or not sent ) to AD. If I change >passwords in AD, they are changed in the FDS. > >The logs show that something is happening (changed host names and dn''s) > >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >No linger to cancel on the connection >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >windows_acquire_replica returned success (101) >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >State: ready_to_acquire_replica -> sending_updates >[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay (agmt="cn=AD" >(ad:636)): Consumer RUV: >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >{replicageneration} 448f18ae000000010000 >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >{replica 1 ldap://fds:389} 448f18e4000100010000 448f363d03d400010000 >448f363d >[13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay (agmt="cn=AD" >(ad:636)): Supplier RUV: >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >{replicageneration} 448f18ae000000010000 >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >{replica 1 ldap://fds:389} 448f18e4000100010000 448f363d03d700010000 >448f363d >[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: >anchorcsn=448f363d03d400010000 >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog program - >agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, position set for >replay >[13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >csn=448f363d03d600010000 >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >windows_replay_update: Looking at modify operation local >dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >[13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" (ad:636): >windows_replay_update: Processing modify operation local >dn="uid=user,ou=people,dc=server,dc=,dc=" remote >dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" > > >I''m not sure what is going on, I can talk via SSL from FDS to AD, and I''m >assuming that the PassSync service is working properly since the changes >from AD to FDS work. > >Any suggestions? > > >-- >Fedora-directory-users mailing list >Fedora-directory-users@redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Jeff Gamsby
2006-Jun-14 14:35 UTC
Re: [Fedora-directory-users] PassSync only working one way
Thanks for responding. I have windows 2000, the default password policy is disabled by default, but I did turn it on to see if that was the problem and also tried more complex passwords when testing. Nothing has worked so far. I''m not even sure if there is any other tests that I can do, I''ve turned up the logging, but it still doesn''t give me any clues as to what is going on. Thanks, Jeff nattapon viroonsri wrote:> > When i add user or change password at fds side , it stuck with windows > (2003) default password policy. > So i have to chage to more strict password or disable policy at ads , > then fds sync with ads completely.( can log on to ads with same > password as fds user) > > im not sure this is same case as you. > > Regards, > Nattapon > > >> From: Jeff Gamsby <JFGamsby@lbl.gov> >> Reply-To: "General discussion list for the Fedora Directory server >> project." <fedora-directory-users@redhat.com> >> To: "General discussion list for the Fedora Directory server >> project." <fedora-directory-users@redhat.com> >> Subject: [Fedora-directory-users] PassSync only working one way >> Date: Tue, 13 Jun 2006 15:08:03 -0700 >> MIME-Version: 1.0 >> Received: from hormel.redhat.com ([209.132.177.30]) by >> bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); >> Tue, 13 Jun 2006 15:08:15 -0700 >> Received: from listman.util.phx.redhat.com >> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 (EDT) >> Received: from int-mx1.corp.redhat.com >> (int-mx1.corp.redhat.com[172.16.52.254])by >> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >> idk5DM8BEP021980for >> <fedora-directory-users@listman.util.phx.redhat.com>;Tue, 13 Jun 2006 >> 18:08:11 -0400 >> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >> idk5DM8B7P010237for <fedora-directory-users@redhat.com>; Tue, 13 Jun >> 2006 18:08:11 -0400 >> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >> idk5DM8ATa017845for <fedora-directory-users@redhat.com>; Tue, 13 Jun >> 2006 18:08:10 -0400 >> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >> <fedora-directory-users@redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 >> (PDT) >> Received: from [131.243.161.186] (charlie.lbl.gov >> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >> k5DM82oT029426for <fedora-directory-users@redhat.com>;Tue, 13 Jun >> 2006 15:08:03 -0700 (PDT) >> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >> X-Virus-Status: Clean >> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users@redhat.com >> X-BeenThere: fedora-directory-users@redhat.com >> X-Mailman-Version: 2.1.5 >> Precedence: junk >> List-Id: "General discussion list for the Fedora Directory server >> project."<fedora-directory-users.redhat.com> >> List-Unsubscribe: >> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=unsubscribe> >> >> List-Archive: <https://www.redhat.com/archives/fedora-directory-users> >> List-Post: <mailto:fedora-directory-users@redhat.com> >> List-Help: >> <mailto:fedora-directory-users-request@redhat.com?subject=help> >> List-Subscribe: >> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=subscribe> >> >> Errors-To: fedora-directory-users-bounces@redhat.com >> Return-Path: fedora-directory-users-bounces@redhat.com >> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >> FILETIME=[DEE3D670:01C68F35] >> >> I thought that I had the PassSync working until I ran into this problem: >> >> Passwords are not synchronized from FDS to AD. When accounts are >> added to FDS, they do show up in AD ( Although sometimes the cn >> attribute gets base64 encoded ), but I cannot authenticate to AD. >> When I change passwords in the FDS side, they are not changed ( or >> not sent ) to AD. If I change passwords in AD, they are changed in >> the FDS. >> >> The logs show that something is happening (changed host names and dn''s) >> >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): No linger to cancel on the connection >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >> windows_acquire_replica returned success (101) >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): State: ready_to_acquire_replica -> sending_updates >> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >> (agmt="cn=AD" (ad:636)): Consumer RUV: >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replicageneration} 448f18ae000000010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >> 448f363d03d400010000 448f363d >> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >> (agmt="cn=AD" (ad:636)): Supplier RUV: >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replicageneration} 448f18ae000000010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >> 448f363d03d700010000 448f363d >> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: >> anchorcsn=448f363d03d400010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >> position set for replay >> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >> csn=448f363d03d600010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): windows_replay_update: Looking at modify operation local >> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): windows_replay_update: Processing modify operation local >> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >> >> >> I''m not sure what is going on, I can talk via SSL from FDS to AD, and >> I''m assuming that the PassSync service is working properly since the >> changes from AD to FDS work. >> >> Any suggestions? >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today it''s > FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Nathan Kinder
2006-Jun-14 15:54 UTC
Re: [Fedora-directory-users] PassSync only working one way
Jeff Gamsby wrote:> > Thanks for responding. > I have windows 2000, the default password policy is disabled by > default, but I did turn it on to see if that was the problem and also > tried more complex passwords when testing. Nothing has worked so far. > I''m not even sure if there is any other tests that I can do, I''ve > turned up the logging, but it still doesn''t give me any clues as to > what is going on.Are you saying that you enabled Active Directorys password complexity option? I''m pretty sure that is required for passwords to sync from FDS -> AD. You could also attempt to use ldapmodify against AD to remotely change a users password over SSL as a test. It sounds like everything with the PassSync service is fine since passwords are working from AD -> FDS. -NGK> > Thanks, > Jeff > > nattapon viroonsri wrote: >> >> When i add user or change password at fds side , it stuck with >> windows (2003) default password policy. >> So i have to chage to more strict password or disable policy at ads , >> then fds sync with ads completely.( can log on to ads with same >> password as fds user) >> >> im not sure this is same case as you. >> >> Regards, >> Nattapon >> >> >>> From: Jeff Gamsby <JFGamsby@lbl.gov> >>> Reply-To: "General discussion list for the Fedora Directory server >>> project." <fedora-directory-users@redhat.com> >>> To: "General discussion list for the Fedora Directory server >>> project." <fedora-directory-users@redhat.com> >>> Subject: [Fedora-directory-users] PassSync only working one way >>> Date: Tue, 13 Jun 2006 15:08:03 -0700 >>> MIME-Version: 1.0 >>> Received: from hormel.redhat.com ([209.132.177.30]) by >>> bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); >>> Tue, 13 Jun 2006 15:08:15 -0700 >>> Received: from listman.util.phx.redhat.com >>> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >>> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 >>> (EDT) >>> Received: from int-mx1.corp.redhat.com >>> (int-mx1.corp.redhat.com[172.16.52.254])by >>> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >>> idk5DM8BEP021980for >>> <fedora-directory-users@listman.util.phx.redhat.com>;Tue, 13 Jun >>> 2006 18:08:11 -0400 >>> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >>> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>> idk5DM8B7P010237for <fedora-directory-users@redhat.com>; Tue, 13 Jun >>> 2006 18:08:11 -0400 >>> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >>> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>> idk5DM8ATa017845for <fedora-directory-users@redhat.com>; Tue, 13 Jun >>> 2006 18:08:10 -0400 >>> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >>> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >>> <fedora-directory-users@redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 >>> (PDT) >>> Received: from [131.243.161.186] (charlie.lbl.gov >>> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >>> k5DM82oT029426for <fedora-directory-users@redhat.com>;Tue, 13 Jun >>> 2006 15:08:03 -0700 (PDT) >>> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI>>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >>> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >>> X-Virus-Status: Clean >>> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users@redhat.com >>> X-BeenThere: fedora-directory-users@redhat.com >>> X-Mailman-Version: 2.1.5 >>> Precedence: junk >>> List-Id: "General discussion list for the Fedora Directory server >>> project."<fedora-directory-users.redhat.com> >>> List-Unsubscribe: >>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=unsubscribe> >>> >>> List-Archive: <https://www.redhat.com/archives/fedora-directory-users> >>> List-Post: <mailto:fedora-directory-users@redhat.com> >>> List-Help: >>> <mailto:fedora-directory-users-request@redhat.com?subject=help> >>> List-Subscribe: >>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=subscribe> >>> >>> Errors-To: fedora-directory-users-bounces@redhat.com >>> Return-Path: fedora-directory-users-bounces@redhat.com >>> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >>> FILETIME=[DEE3D670:01C68F35] >>> >>> I thought that I had the PassSync working until I ran into this >>> problem: >>> >>> Passwords are not synchronized from FDS to AD. When accounts are >>> added to FDS, they do show up in AD ( Although sometimes the cn >>> attribute gets base64 encoded ), but I cannot authenticate to AD. >>> When I change passwords in the FDS side, they are not changed ( or >>> not sent ) to AD. If I change passwords in AD, they are changed in >>> the FDS. >>> >>> The logs show that something is happening (changed host names and dn''s) >>> >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): No linger to cancel on the connection >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >>> windows_acquire_replica returned success (101) >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): State: ready_to_acquire_replica -> sending_updates >>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>> (agmt="cn=AD" (ad:636)): Consumer RUV: >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): {replicageneration} 448f18ae000000010000 >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>> 448f363d03d400010000 448f363d >>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>> (agmt="cn=AD" (ad:636)): Supplier RUV: >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): {replicageneration} 448f18ae000000010000 >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>> 448f363d03d700010000 448f363d >>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: >>> anchorcsn=448f363d03d400010000 >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >>> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >>> position set for replay >>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >>> csn=448f363d03d600010000 >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): windows_replay_update: Looking at modify operation local >>> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>> (ad:636): windows_replay_update: Processing modify operation local >>> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >>> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >>> >>> >>> I''m not sure what is going on, I can talk via SSL from FDS to AD, >>> and I''m assuming that the PassSync service is working properly since >>> the changes from AD to FDS work. >>> >>> Any suggestions? >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> _________________________________________________________________ >> Express yourself instantly with MSN Messenger! Download today it''s >> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Jeff Gamsby
2006-Jun-14 16:06 UTC
Re: [Fedora-directory-users] PassSync only working one way
Correct. It was not enabled when I first installed and configured PassSync. I tried to use ldapmodify to change the password, but that didn''t work either. To use ldapmodify, do I change UnicodePwd? How do I generate UnicodePwd? dn: cn=user,cn=users,dc=ad,dc=server,dc=com changetype: modify replace: unicodepwd unicodepwd: Thanks Jeff Nathan Kinder wrote:> Jeff Gamsby wrote: >> >> Thanks for responding. >> I have windows 2000, the default password policy is disabled by >> default, but I did turn it on to see if that was the problem and also >> tried more complex passwords when testing. Nothing has worked so far. >> I''m not even sure if there is any other tests that I can do, I''ve >> turned up the logging, but it still doesn''t give me any clues as to >> what is going on. > Are you saying that you enabled Active Directorys password complexity > option? I''m pretty sure that is required for passwords to sync from > FDS -> AD. You could also attempt to use ldapmodify against AD to > remotely change a users password over SSL as a test. > > It sounds like everything with the PassSync service is fine since > passwords are working from AD -> FDS. > > -NGK >> >> Thanks, >> Jeff >> >> nattapon viroonsri wrote: >>> >>> When i add user or change password at fds side , it stuck with >>> windows (2003) default password policy. >>> So i have to chage to more strict password or disable policy at ads , >>> then fds sync with ads completely.( can log on to ads with same >>> password as fds user) >>> >>> im not sure this is same case as you. >>> >>> Regards, >>> Nattapon >>> >>> >>>> From: Jeff Gamsby <JFGamsby@lbl.gov> >>>> Reply-To: "General discussion list for the Fedora Directory server >>>> project." <fedora-directory-users@redhat.com> >>>> To: "General discussion list for the Fedora Directory server >>>> project." <fedora-directory-users@redhat.com> >>>> Subject: [Fedora-directory-users] PassSync only working one way >>>> Date: Tue, 13 Jun 2006 15:08:03 -0700 >>>> MIME-Version: 1.0 >>>> Received: from hormel.redhat.com ([209.132.177.30]) by >>>> bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); >>>> Tue, 13 Jun 2006 15:08:15 -0700 >>>> Received: from listman.util.phx.redhat.com >>>> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >>>> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 >>>> (EDT) >>>> Received: from int-mx1.corp.redhat.com >>>> (int-mx1.corp.redhat.com[172.16.52.254])by >>>> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >>>> idk5DM8BEP021980for >>>> <fedora-directory-users@listman.util.phx.redhat.com>;Tue, 13 Jun >>>> 2006 18:08:11 -0400 >>>> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >>>> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>> idk5DM8B7P010237for <fedora-directory-users@redhat.com>; Tue, 13 >>>> Jun 2006 18:08:11 -0400 >>>> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >>>> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>> idk5DM8ATa017845for <fedora-directory-users@redhat.com>; Tue, 13 >>>> Jun 2006 18:08:10 -0400 >>>> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >>>> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >>>> <fedora-directory-users@redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 >>>> (PDT) >>>> Received: from [131.243.161.186] (charlie.lbl.gov >>>> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >>>> k5DM82oT029426for <fedora-directory-users@redhat.com>;Tue, 13 Jun >>>> 2006 15:08:03 -0700 (PDT) >>>> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI>>>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >>>> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >>>> X-Virus-Status: Clean >>>> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users@redhat.com >>>> X-BeenThere: fedora-directory-users@redhat.com >>>> X-Mailman-Version: 2.1.5 >>>> Precedence: junk >>>> List-Id: "General discussion list for the Fedora Directory server >>>> project."<fedora-directory-users.redhat.com> >>>> List-Unsubscribe: >>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=unsubscribe> >>>> >>>> List-Archive: <https://www.redhat.com/archives/fedora-directory-users> >>>> List-Post: <mailto:fedora-directory-users@redhat.com> >>>> List-Help: >>>> <mailto:fedora-directory-users-request@redhat.com?subject=help> >>>> List-Subscribe: >>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=subscribe> >>>> >>>> Errors-To: fedora-directory-users-bounces@redhat.com >>>> Return-Path: fedora-directory-users-bounces@redhat.com >>>> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >>>> FILETIME=[DEE3D670:01C68F35] >>>> >>>> I thought that I had the PassSync working until I ran into this >>>> problem: >>>> >>>> Passwords are not synchronized from FDS to AD. When accounts are >>>> added to FDS, they do show up in AD ( Although sometimes the cn >>>> attribute gets base64 encoded ), but I cannot authenticate to AD. >>>> When I change passwords in the FDS side, they are not changed ( or >>>> not sent ) to AD. If I change passwords in AD, they are changed in >>>> the FDS. >>>> >>>> The logs show that something is happening (changed host names and >>>> dn''s) >>>> >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): No linger to cancel on the connection >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >>>> windows_acquire_replica returned success (101) >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): State: ready_to_acquire_replica -> sending_updates >>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>> (agmt="cn=AD" (ad:636)): Consumer RUV: >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>> 448f363d03d400010000 448f363d >>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>> (agmt="cn=AD" (ad:636)): Supplier RUV: >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>> 448f363d03d700010000 448f363d >>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: >>>> anchorcsn=448f363d03d400010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >>>> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >>>> position set for replay >>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >>>> csn=448f363d03d600010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): windows_replay_update: Looking at modify operation local >>>> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): windows_replay_update: Processing modify operation local >>>> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >>>> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >>>> >>>> >>>> I''m not sure what is going on, I can talk via SSL from FDS to AD, >>>> and I''m assuming that the PassSync service is working properly >>>> since the changes from AD to FDS work. >>>> >>>> Any suggestions? >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> _________________________________________________________________ >>> Express yourself instantly with MSN Messenger! Download today it''s >>> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Ulf Weltman
2006-Jun-14 17:55 UTC
Re: [Fedora-directory-users] PassSync only working one way
UnicodePwd has to be little-endian unicode and with quotes around it. You can do something like... echo \"Secret12\" > pass.txt iconv -t UNICODELITTLE -o unicodepass.txt pass.txt And then base64 encode unicodepass.txt and use the result for unicodePwd value. I got the details from http://support.microsoft.com/?kbid=269190 originally. Ulf Jeff Gamsby wrote:> Correct. It was not enabled when I first installed and configured > PassSync. I tried to use ldapmodify to change the password, but that > didn''t work either. > > To use ldapmodify, do I change UnicodePwd? > > How do I generate UnicodePwd? > > dn: cn=user,cn=users,dc=ad,dc=server,dc=com > changetype: modify > replace: unicodepwd > unicodepwd: > > Thanks > Jeff > > > Nathan Kinder wrote: > >> Jeff Gamsby wrote: >> >>> >>> Thanks for responding. >>> I have windows 2000, the default password policy is disabled by >>> default, but I did turn it on to see if that was the problem and >>> also tried more complex passwords when testing. Nothing has worked >>> so far. I''m not even sure if there is any other tests that I can do, >>> I''ve turned up the logging, but it still doesn''t give me any clues >>> as to what is going on. >> >> Are you saying that you enabled Active Directorys password complexity >> option? I''m pretty sure that is required for passwords to sync from >> FDS -> AD. You could also attempt to use ldapmodify against AD to >> remotely change a users password over SSL as a test. >> >> It sounds like everything with the PassSync service is fine since >> passwords are working from AD -> FDS. >> >> -NGK >> >>> >>> Thanks, >>> Jeff >>> >>> nattapon viroonsri wrote: >>> >>>> >>>> When i add user or change password at fds side , it stuck with >>>> windows (2003) default password policy. >>>> So i have to chage to more strict password or disable policy at ads , >>>> then fds sync with ads completely.( can log on to ads with same >>>> password as fds user) >>>> >>>> im not sure this is same case as you. >>>> >>>> Regards, >>>> Nattapon >>>> >>>> >>>>> From: Jeff Gamsby <JFGamsby@lbl.gov> >>>>> Reply-To: "General discussion list for the Fedora Directory server >>>>> project." <fedora-directory-users@redhat.com> >>>>> To: "General discussion list for the Fedora Directory server >>>>> project." <fedora-directory-users@redhat.com> >>>>> Subject: [Fedora-directory-users] PassSync only working one way >>>>> Date: Tue, 13 Jun 2006 15:08:03 -0700 >>>>> MIME-Version: 1.0 >>>>> Received: from hormel.redhat.com ([209.132.177.30]) by >>>>> bay0-mc4-f5.bay0.hotmail.com with Microsoft >>>>> SMTPSVC(6.0.3790.2444); Tue, 13 Jun 2006 15:08:15 -0700 >>>>> Received: from listman.util.phx.redhat.com >>>>> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >>>>> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 >>>>> (EDT) >>>>> Received: from int-mx1.corp.redhat.com >>>>> (int-mx1.corp.redhat.com[172.16.52.254])by >>>>> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >>>>> idk5DM8BEP021980for >>>>> <fedora-directory-users@listman.util.phx.redhat.com>;Tue, 13 Jun >>>>> 2006 18:08:11 -0400 >>>>> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >>>>> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>>> idk5DM8B7P010237for <fedora-directory-users@redhat.com>; Tue, 13 >>>>> Jun 2006 18:08:11 -0400 >>>>> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >>>>> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>>> idk5DM8ATa017845for <fedora-directory-users@redhat.com>; Tue, 13 >>>>> Jun 2006 18:08:10 -0400 >>>>> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >>>>> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >>>>> <fedora-directory-users@redhat.com>;Tue, 13 Jun 2006 15:08:03 >>>>> -0700 (PDT) >>>>> Received: from [131.243.161.186] (charlie.lbl.gov >>>>> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >>>>> k5DM82oT029426for <fedora-directory-users@redhat.com>;Tue, 13 Jun >>>>> 2006 15:08:03 -0700 (PDT) >>>>> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI>>>>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >>>>> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >>>>> X-Virus-Status: Clean >>>>> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users@redhat.com >>>>> X-BeenThere: fedora-directory-users@redhat.com >>>>> X-Mailman-Version: 2.1.5 >>>>> Precedence: junk >>>>> List-Id: "General discussion list for the Fedora Directory server >>>>> project."<fedora-directory-users.redhat.com> >>>>> List-Unsubscribe: >>>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=unsubscribe> >>>>> >>>>> List-Archive: >>>>> <https://www.redhat.com/archives/fedora-directory-users> >>>>> List-Post: <mailto:fedora-directory-users@redhat.com> >>>>> List-Help: >>>>> <mailto:fedora-directory-users-request@redhat.com?subject=help> >>>>> List-Subscribe: >>>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request@redhat.com?subject=subscribe> >>>>> >>>>> Errors-To: fedora-directory-users-bounces@redhat.com >>>>> Return-Path: fedora-directory-users-bounces@redhat.com >>>>> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >>>>> FILETIME=[DEE3D670:01C68F35] >>>>> >>>>> I thought that I had the PassSync working until I ran into this >>>>> problem: >>>>> >>>>> Passwords are not synchronized from FDS to AD. When accounts are >>>>> added to FDS, they do show up in AD ( Although sometimes the cn >>>>> attribute gets base64 encoded ), but I cannot authenticate to AD. >>>>> When I change passwords in the FDS side, they are not changed ( or >>>>> not sent ) to AD. If I change passwords in AD, they are changed in >>>>> the FDS. >>>>> >>>>> The logs show that something is happening (changed host names and >>>>> dn''s) >>>>> >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): No linger to cancel on the connection >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >>>>> windows_acquire_replica returned success (101) >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): State: ready_to_acquire_replica -> sending_updates >>>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>>> (agmt="cn=AD" (ad:636)): Consumer RUV: >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>>> 448f363d03d400010000 448f363d >>>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>>> (agmt="cn=AD" (ad:636)): Supplier RUV: >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>>> 448f363d03d700010000 448f363d >>>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session >>>>> start: anchorcsn=448f363d03d400010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >>>>> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >>>>> position set for replay >>>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >>>>> csn=448f363d03d600010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): windows_replay_update: Looking at modify operation local >>>>> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): windows_replay_update: Processing modify operation local >>>>> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >>>>> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >>>>> >>>>> >>>>> I''m not sure what is going on, I can talk via SSL from FDS to AD, >>>>> and I''m assuming that the PassSync service is working properly >>>>> since the changes from AD to FDS work. >>>>> >>>>> Any suggestions? >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users@redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> _________________________________________________________________ >>>> Express yourself instantly with MSN Messenger! Download today it''s >>>> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users@redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users@redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
David Boreham
2006-Jun-14 17:59 UTC
Re: [Fedora-directory-users] PassSync only working one way
Can the OP post a verbose log segment relating to this problem please ? There _should_ be something in the log to indicate where the problem lies.
Jeff Gamsby
2006-Jun-14 18:19 UTC
Re: [Fedora-directory-users] PassSync only working one way
Thanks, I''ll try to generate the UnicodePwd and run ldapmodify.
Here is a piece of the log:
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> wait_for_changes
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 44905226069300010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> wait_for_changes
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> ready_to_acquire_replica
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 44905226069200010000
[14/Jun/2006:11:14:37 -0700] - acquire_replica, supplier RUV:
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - supplier:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - supplier: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905226069300010000 4490520d
[14/Jun/2006:11:14:37 -0700] - acquire_replica, consumer RUV:
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - consumer:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - consumer: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905226069000010000 4490520d
[14/Jun/2006:11:14:37 -0700] - acquire_replica, supplier RUV is newer
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Trying secure slapi_ldap_init
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): binddn =
cn=administrator,cn=users,dc=server,dc=example,dc=com, passwd =
{DES}fgfdgfdgdfgfdgdfgdfg=[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin -
agmt="cn=AD"
(ad:636): No linger to cancel on the connection
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned success (101)
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> sending_updates
[14/Jun/2006:11:14:37 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Consumer RUV:
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds.server.example.com:389}
448f18e4000100010000 44905226069000010000 4490520d
[14/Jun/2006:11:14:37 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Supplier RUV:
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds.server.example.com:389}
448f18e4000100010000 44905226069300010000 4490520d
[14/Jun/2006:11:14:37 -0700] agmt="cn=AD" (ad:636) - session start:
anchorcsn=44905226069000010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - changelog program -
agmt="cn=AD" (ad:636): CSN 44905226069000010000 found, position set
for
replay
[14/Jun/2006:11:14:37 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1
csn=44905226069200010000
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" (ours,user,not
group)
[14/Jun/2006:11:14:37 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" remote
dn="<GUID=ca0856f71f7bbc4ebd7e062367d7c893>"
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Received result code 0 () for modify operation
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - load=1 rec=2
csn=44905226069300010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" (ours,user,not
group)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" remote
dn="<GUID=ca0856f71f7bbc4ebd7e062367d7c893>"
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) -
clcache_load_buffer: rc=-30990
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): No more updates to send (cl5GetNextOperationToReplay)
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - session end:
state=5 load=1 sent=2 skipped=0
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Beginning linger on the connection
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: sending_updates -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> ready_to_acquire_replica
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Linger timeout has expired on the connection
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Disconnected from the consumer
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905226069300010000 4490520d
[14/Jun/2006:11:14:38 -0700] - acquire_replica, consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 44905227000000010000
into pending list
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - Purged state
information from entry uid=user,ou=People, dc=server,dc=example,dc=com
up to CSN 448717a6069300010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905226069300010000 4490520e
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned consumer_was_uptodate (104)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 44905227000100010000
into pending list
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - Purged state
information from entry uid=user,ou=People, dc=server,dc=example,dc=com
up to CSN 448717a6069300010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 44905227000100010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> ready_to_acquire_replica
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 44905227000000010000
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227000100010000 4490520e
[14/Jun/2006:11:14:38 -0700] - acquire_replica, consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905226069300010000 4490520e
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV is newer
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Trying secure slapi_ldap_init
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): binddn =
cn=administrator,cn=users,dc=server,dc=example,dc=com, passwd =
{DES}dfgfdgfgfdgfdgfdgfdgfdgfdg=[14/Jun/2006:11:14:38 -0700]
NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): No linger to cancel on the connection
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned success (101)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> sending_updates
[14/Jun/2006:11:14:38 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds.server.example.com:389}
448f18e4000100010000 44905226069300010000 4490520e
[14/Jun/2006:11:14:38 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds.server.example.com:389}
448f18e4000100010000 44905227000100010000 4490520e
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - session start:
anchorcsn=44905226069300010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - changelog program -
agmt="cn=AD" (ad:636): CSN 44905226069300010000 found, position set
for
replay
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1
csn=44905227000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" (ours,user,not
group)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" remote
dn="<GUID=ca0856f71f7bbc4ebd7e062367d7c893>"
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Received result code 0 () for modify operation
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - load=1 rec=2
csn=44905227000100010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" (ours,user,not
group)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" remote
dn="<GUID=ca0856f71f7bbc4ebd7e062367d7c893>"
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) -
clcache_load_buffer: rc=-30990
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): No more updates to send (cl5GetNextOperationToReplay)
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - session end:
state=5 load=1 sent=2 skipped=0
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Beginning linger on the connection
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: sending_updates -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Linger timeout has expired on the connection
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> ready_to_acquire_replica
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Disconnected from the consumer
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 44905227069400010000
into pending list
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - Purged state
information from entry uid=user,ou=People, dc=server,dc=example,dc=com
up to CSN 448717a7000100010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227000100010000 4490520e
[14/Jun/2006:11:14:38 -0700] - acquire_replica, consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
ruv_add_csn_inprogress: successfully inserted csn 44905227069500010000
into pending list
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227000100010000 4490520e
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - Purged state
information from entry uid=user,ou=People, dc=server,dc=example,dc=com
up to CSN 448717a7000100010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned consumer_was_uptodate (104)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 44905227069500010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> ready_to_acquire_replica
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - ruv_update_ruv:
successfully committed csn 44905227069400010000
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227069500010000 4490520e
[14/Jun/2006:11:14:38 -0700] - acquire_replica, consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227000100010000 4490520e
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV is newer
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Trying secure slapi_ldap_init
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): binddn =
cn=administrator,cn=users,dc=server,dc=example,dc=com, passwd =
{DES}fgfdgfdgfdgfdgdfg=[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
agmt="cn=AD"
(ad:636): No linger to cancel on the connection
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned success (101)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> sending_updates
[14/Jun/2006:11:14:38 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds.server.example.com:389}
448f18e4000100010000 44905227000100010000 4490520e
[14/Jun/2006:11:14:38 -0700] - _cl5PositionCursorForReplay
(agmt="cn=AD"
(ad:636)): Supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): {replica 1 ldap://fds.server.example.com:389}
448f18e4000100010000 44905227069500010000 4490520e
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - session start:
anchorcsn=44905227000100010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - changelog program -
agmt="cn=AD" (ad:636): CSN 44905227000100010000 found, position set
for
replay
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1
csn=44905227069400010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" (ours,user,not
group)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" remote
dn="<GUID=ca0856f71f7bbc4ebd7e062367d7c893>"
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Received result code 0 () for modify operation
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - load=1 rec=2
csn=44905227069500010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Looking at modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" (ours,user,not
group)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): windows_replay_update: Processing modify operation local
dn="uid=user,ou=people,dc=server,dc=example,dc=com" remote
dn="<GUID=ca0856f71f7bbc4ebd7e062367d7c893>"
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) -
clcache_load_buffer: rc=-30990
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): No more updates to send (cl5GetNextOperationToReplay)
[14/Jun/2006:11:14:38 -0700] agmt="cn=AD" (ad:636) - session end:
state=5 load=1 sent=2 skipped=0
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Beginning linger on the connection
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: sending_updates -> wait_for_changes
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: wait_for_changes -> ready_to_acquire_replica
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Linger timeout has expired on the connection
[14/Jun/2006:11:14:38 -0700] - acquire_replica, supplier RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): Disconnected from the consumer
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - supplier: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227069500010000 4490520e
[14/Jun/2006:11:14:38 -0700] - acquire_replica, consumer RUV:
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer:
{replicageneration} 448f18ae000000010000
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - consumer: {replica
1 ldap://fds.server.example.com:389} 448f18e4000100010000
44905227069500010000 4490520e
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin -
windows_acquire_replica returned consumer_was_uptodate (104)
[14/Jun/2006:11:14:38 -0700] NSMMReplicationPlugin - agmt="cn=AD"
(ad:636): State: ready_to_acquire_replica -> wait_for_changes
David Boreham wrote:> Can the OP post a verbose log segment relating to this problem please ?
> There _should_ be something in the log to indicate where the problem
> lies.
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
David Boreham
2006-Jun-14 18:40 UTC
Re: [Fedora-directory-users] PassSync only working one way
Jeff Gamsby wrote:> > Here is a piece of the log:This tells me that FDS either a) succeeded in modifying the user''s password or b) it never tried to generate the modify. It isn''t clear from the log what the two modify operations in the changelog are (why are there two??). Can you say more about how you are modifying this user''s password on the FDS side ?