Fedora directory users - Dec 2005 - Windows NT4 Password Sync Problem

Hallo everyone,

so now the Winsync from NT4 PDC -> FDS works fine (thanks to all)

And now the next step gives me a problem.
I do the Password sync without SSL connection (only one problem at a time).
The setup should be correct:

Windows Reg entry:
(Default)       (value not set)
Cert Token      ""
Hostname        "192.168.1.55"
Install Path    "C:\Program Files\Red....."
Password        "guessmypw"
Password Field  "userpassword"
Port Number     "389"
Search Base     "ou=People,dc=daheim,dc=weil"
User Name       "uid=useradmin,ou=Special Users,dc=daheim,dc=weil"
User Name Field  "ntuserdomainid"

the bind user has the aci''s to change all values in the user tree
But I recive the following error at the PDC:

"The description for event (105) in source (Password Synchronization
Service) could not be found. It contains the following insertion
string(s):."

So in fact nothing happens :(
At the FDS logs I don''t see anything, so there seems no communication
between ADS and FDS. The same as a question from

RE: [Fedora-directory-users] AD sync
from Darjo Gregoric at Thu, 3 Nov 2005

Is there anything missing in the setup? Or is something wrong in the
Password Sync Programm. And how should the log at the FDS look like (error
log set to "Replication")?

CU
Hartmut

hartmut.woehrle@mail.pcom.de wrote:
>Hallo everyone,
>
>so now the Winsync from NT4 PDC -> FDS works fine (thanks to all)
>
>And now the next step gives me a problem.
>I do the Password sync without SSL connection (only one problem at a time).
>  
>
The PassSync service requires SSL.  If you take a look at the 
passsync.log file, it should have an error about your SSL config.

-NGK
>The setup should be correct:
>
>Windows Reg entry:
>(Default)       (value not set)
>Cert Token      ""
>Hostname        "192.168.1.55"
>Install Path    "C:\Program Files\Red....."
>Password        "guessmypw"
>Password Field  "userpassword"
>Port Number     "389"
>Search Base     "ou=People,dc=daheim,dc=weil"
>User Name       "uid=useradmin,ou=Special Users,dc=daheim,dc=weil"
>User Name Field  "ntuserdomainid"
>
>the bind user has the aci''s to change all values in the user tree
>But I recive the following error at the PDC:
>
>"The description for event (105) in source (Password Synchronization
>Service) could not be found. It contains the following insertion
>string(s):."
>
>So in fact nothing happens :(
>At the FDS logs I don''t see anything, so there seems no
communication
>between ADS and FDS. The same as a question from
>
>RE: [Fedora-directory-users] AD sync
>from Darjo Gregoric at Thu, 3 Nov 2005
>
>Is there anything missing in the setup? Or is something wrong in the
>Password Sync Programm. And how should the log at the FDS look like (error
>log set to "Replication")?
>
>CU
>Hartmut
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>

Am Mittwoch, 7. Dezember 2005 15:17 schrieb Nathan
Kinder:
> hartmut.woehrle@mail.pcom.de wrote:
> >Hallo everyone,
> >
> >so now the Winsync from NT4 PDC -> FDS works fine (thanks to all)
> >
> >And now the next step gives me a problem.
> >I do the Password sync without SSL connection (only one problem at a
> > time).
>
> The PassSync service requires SSL.  If you take a look at the
> passsync.log file, it should have an error about your SSL config.
>
> -NGK
Is there a difffernec between AD and NT PDC, because in the discussion of 
Winsync password from Dean Jones you write:

---- citation from Thu, 17 Nov 2005 ------
Nope. Accounts can sync fine without SSL. SSL is only required for passwords 
to sync from AD -> FDS. You should take a look at the "errors" log
on the FDS
side. You may want to enable replication level logging through the Console 
application to get some useful info.

-NGK
---- end citation from Thu, 17 Nov 2005 ------

And the followup from David Boreham says:

---- citation from Thu, 17 Nov 2005 ------ 
Other way around. Password sync AD -> FDS works without SSL.
Password sync FDS -> AD requires SSL. AD will refuse to modify
a password unless you connect via SSL.
---- end citation from Thu, 17 Nov 2005 ------


Cu
Hartmut

-- 
==========================================
    Hartmut Woehrle
    EMail: hartmut.woehrle@mail.pcom.de