<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/17/2013 09:26 AM, Steve Dainard
wrote:<br>
</div>
<blockquote
cite="mid:CAHnsdUvrZL6HskopHxH0AhUVp1s9YWFt+KY_ODo9sDeezpt9mQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hello,
<div><br>
</div>
<div>We're running a single IPA server (CentOS 6) on our network
as a side project for some testing before we implement.</div>
<div><br>
</div>
<div>It had been a significant period of time since I had last
logged into the web interface, so I had to kinit from a client
machine (of which I had logged into successfully with my
domain password), at which point I was requested to change my
password. After the password change I RDP'd into a Windows
machine on our domain and realized the password had not been
updated on the domain controller.</div>
<div><br>
</div>
<div>Is the password sync feature with an external source such
as Active Directory supposed to be two-way? If so where can I
start troubleshooting this issue?</div>
</div>
</blockquote>
<br>
Are you talking about a windows sync agreement you set up with
ipa-replica-manage?<br>
If so, yes, the password sync is supposed to be two-way.<br>
Try this:<br>
turn on the replication log level
<a class="moz-txt-link-freetext" href="http://port389.org/wiki/FAQ#Troubleshooting">http://port389.org/wiki/FAQ#Troubleshooting</a><br>
change your IPA password<br>
turn off the replication log level
<a class="moz-txt-link-freetext" href="http://port389.org/wiki/FAQ#Troubleshooting">http://port389.org/wiki/FAQ#Troubleshooting</a><br>
see if you can use your new password in AD<br>
<br>
The 389 errors log in /var/log/dirsrv/slapd-YOUR-DOMAIN/errors may
contain a clue.<br>
<br>
<blockquote
cite="mid:CAHnsdUvrZL6HskopHxH0AhUVp1s9YWFt+KY_ODo9sDeezpt9mQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,<br clear="all">
<div>
<div dir="ltr"><br>
<br>
<br>
Steve Dainard<br>
Infrastructure Manager
<div>Miovision Technologies Inc.<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>