On 05/17/2013 09:26 AM, Steve Dainard wrote:
Hello,

We're running a single IPA server (CentOS 6) on our network as a side project for some testing before we implement.

It had been a significant period of time since I had last logged into the web interface, so I had to kinit from a client machine (of which I had logged into successfully with my domain password), at which point I was requested to change my password. After the password change I RDP'd into a Windows machine on our domain and realized the password had not been updated on the domain controller.

Is the password sync feature with an external source such as Active Directory supposed to be two-way? If so where can I start troubleshooting this issue?

Are you talking about a windows sync agreement you set up with ipa-replica-manage?
If so, yes, the password sync is supposed to be two-way.
Try this:
turn on the replication log level http://port389.org/wiki/FAQ#Troubleshooting
change your IPA password
turn off the replication log level http://port389.org/wiki/FAQ#Troubleshooting
see if you can use your new password in AD

The 389 errors log in /var/log/dirsrv/slapd-YOUR-DOMAIN/errors may contain a clue.


Thanks,



Steve Dainard
Infrastructure Manager
Miovision Technologies Inc.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to