On 05/17/2013 09:26 AM, Steve Dainard wrote:
Hello,
We're running a single IPA server (CentOS 6) on our network as a side
project for some testing before we implement.
It had been a significant period of time since I had last logged into
the web interface, so I had to kinit from a client machine (of which I
had logged into successfully with my domain password), at which point
I was requested to change my password. After the password change I
RDP'd into a Windows machine on our domain and realized the password
had not been updated on the domain controller.
Is the password sync feature with an external source such as Active
Directory supposed to be two-way? If so where can I start
troubleshooting this issue?
Are you talking about a windows sync agreement you set up with
ipa-replica-manage?
If so, yes, the password sync is supposed to be two-way.
Try this:
turn on the replication log level
http://port389.org/wiki/FAQ#Troubleshooting
change your IPA password
turn off the replication log level
http://port389.org/wiki/FAQ#Troubleshooting
see if you can use your new password in AD
The 389 errors log in /var/log/dirsrv/slapd-YOUR-DOMAIN/errors may
contain a clue.
Thanks,
Steve Dainard
Infrastructure Manager
Miovision Technologies Inc.
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
