On 02/04/2014 01:42 PM, Todd Maugh wrote:
I have not changed any passwords in AD yet.
Then passsync will not have sent anything.
and the users I have in IDM from AD, their passwords are not working
Right. This is one of the (many) problems with the passsync approach -
there currently is no way to populate the initial passwords - that is,
passsync/IdM cannot copy your passwords over from AD to IdM.
------------------------------------------------------------------------
*From:* Rich Megginson [[email protected]]
*Sent:* Tuesday, February 04, 2014 12:40 PM
*To:* Todd Maugh; [email protected]
*Cc:* [email protected]
*Subject:* Re: Creating password sync
On 02/04/2014 01:20 PM, Todd Maugh wrote:
my passhook.log file is empty
Have you changed any passwords in AD?
------------------------------------------------------------------------
*From:* [email protected]
[[email protected]] on behalf of Todd Maugh
[[email protected]]
*Sent:* Tuesday, February 04, 2014 11:56 AM
*To:* Rich Megginson; [email protected]
*Cc:* [email protected]
*Subject:* Re: [Freeipa-users] Creating password sync
Im seeing these errors in the passsync.log
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
02/03/14 16:57:48: Ldap bind error in Connect
32: No such object
02/03/14 16:57:48: Ldap error in QueryUsername
32: No such object
02/03/14 18:06:04: Abandoning password change for scottb, backoff expired
02/03/14 18:06:04: Ldap bind error in Connect
32: No such object
02/04/14 10:24:59: PassSync service initialized
02/04/14 10:24:59: PassSync service running
02/04/14 10:25:00: Ldap bind error in Connect
32: No such object
02/04/14 10:58:37: Ldap bind error in Connect
32: No such object
02/04/14 10:58:37: PassSync service stopped
02/04/14 10:58:38: PassSync service initialized
02/04/14 10:58:38: PassSync service running
02/04/14 10:58:39: Ldap bind error in Connect
32: No such object
------------------------------------------------------------------------
*From:* Rich Megginson [[email protected]]
*Sent:* Tuesday, February 04, 2014 9:19 AM
*To:* Todd Maugh; [email protected]
*Cc:* [email protected]
*Subject:* Re: Creating password sync
On 02/04/2014 10:17 AM, Todd Maugh wrote:
also I have verified the password synchronization service is started
and running on the windows 2008 R2 server
but I cant tell if or what it is doing because iM not getting
passwords to my IDM
http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging
You can also look at the 389 access log to see if you have
connections from the windows box.
------------------------------------------------------------------------
*From:* [email protected]
[[email protected]] on behalf of Todd Maugh
[[email protected]]
*Sent:* Tuesday, February 04, 2014 9:04 AM
*To:* Rich Megginson; [email protected]
*Cc:* [email protected]
*Subject:* [Freeipa-users] Creating password sync
Ok, So I have my replication agreement set up.
and I see accounts coming in to my IDM server from AD
I have followed this guide from redhat
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html
to set up my password sync.
I get no errors
but my passwords are not syncing!
Help! the documentation tells o fno way to verify or trouble shoot
Thank You
-Todd Maugh
[email protected]
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
