<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style style="display: none;" id="owaParaStyle" type="text/css"><!--P {margin-top:0;margin-bottom:0;}--></style>
</head>
<body tabindex="0" aria-label="Message body" fpstyle="1" dir="ltr">
<div name="divtagdefaultwrapper" id="divtagdefaultwrapper" style="font-family: Calibri,Arial,Helvetica,sans-serif; font-size: 12pt; color: #000000; margin: 0">
notes just sent<br>
<p><br>
</p>
<div>
<p><br>
</p>
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<p>regards</p>
<p>Steven <br>
</p>
</div>
</div>
</div>
</div>
<p><br>
</p>
<div style="color: rgb(40, 40, 40);" dir="ltr">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri, sans-serif"><b>From:</b> Todd Maugh <tmaugh@boingo.com><br>
<b>Sent:</b> Wednesday, 5 February 2014 11:15 a.m.<br>
<b>To:</b> Steven Jones; Rich Megginson; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> RE: Creating password sync</font>
<div> </div>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">I would be so grateful for your notes as it looks like I'm most likely having a cert issue as well<br>
<br>
<br>
I'm so damn close to having this thing working, (doesn't help to have your boss come by every 10 minutes)<br>
<br>
I understand the changes concept now, if I can just get it to work<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF803066" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Steven Jones [Steven.Jones@vuw.ac.nz]<br>
<b>Sent:</b> Tuesday, February 04, 2014 2:11 PM<br>
<b>To:</b> Todd Maugh; Rich Megginson; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> RE: Creating password sync<br>
</font><br>
</div>
<div></div>
<div>
<div name="divtagdefaultwrapper" id="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:#000000; margin:0">
I am just doing this now and works fine for me.  <br>
<p><br>
</p>
<div>
<p>The password has to be changed as there is no way to decrypt the password in AD and send that.  So the .msi you install on each AD server intercepts the password change while it's in "plain text" and sends it over to IPA, hence only changes.
<br>
</p>
<p><br>
</p>
<p>I did have issues with certs, they were a pain in the ass to get right/trusted, looks like you might have a similar issue.<br>
</p>
<p><br>
</p>
<p>I had to work through Red Hat support to get it right.</p>
<p><br>
</p>
<p>On a brighter note I did it on RHEL6.4 and upgraded the IPA servers to RHEL6.5 and winsync and passync still work fine.<br>
</p>
<p><br>
</p>
<p>I'll send you my notes.</p>
<p><br>
</p>
<p>You could use trusts but frankly trusting AD with all its Swiss cheese security seems a bit too risky.<br>
</p>
<p><br>
</p>
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<p>regards</p>
<p>Steven <br>
</p>
</div>
</div>
</div>
</div>
<p><br>
</p>
<div style="color:rgb(40,40,40)">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri, sans-serif"><b>From:</b> freeipa-users-bounces@redhat.com <freeipa-users-bounces@redhat.com> on behalf of Todd Maugh <tmaugh@boingo.com><br>
<b>Sent:</b> Wednesday, 5 February 2014 9:57 a.m.<br>
<b>To:</b> Rich Megginson; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] Creating password sync</font>
<div> </div>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">I tested an SSL connection from my LDAP server to AD<br>
<br>
this is the output<br>
<br>
<pre>  openssl s_client -connect qatestdc2.boingoqa.local:636<br>CONNECTED(00000003)<br>depth=0 <br>verify error:num=20:unable to get local issuer certificate<br>verify return:1<br>depth=0 <br>verify error:num=27:certificate not trusted<br>verify return:1<br>depth=0 <br>verify error:num=21:unable to verify the first certificate<br>verify return:1<br>---<br>Certificate chain<br> 0 s:<br>   i:/DC=local/DC=boingoqa/CN=SKYWARPCA<br>---<br>Server certificate<br>subject=<br>issuer=/DC=local/DC=boingoqa/CN=SKYWARPCA<br>---<br>Acceptable client certificate CA names<br><br>/DC=local/DC=boingoqa/CN=SKYWARPCA<br>/CN=QATESTDC2.boingoqa.local<br>/DC=local/DC=boingoqa/CN=boingoqaca<br>/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA<br>/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5<br>/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority<br>/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)<br>/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA<br>/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root<br>/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA<br>/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA<br>/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root<br>/O=BOINGO.COM/CN=Certificate Authority<br>/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority<br>/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority<br>/CN=NT AUTHORITY<br>---<br>SSL handshake has read 3480 bytes and written 601 bytes<br>---<br>New, TLSv1/SSLv3, Cipher is AES128-SHA<br>Server public key is 2048 bit<br>Secure Renegotiation IS supported<br>Compression: NONE<br>Expansion: NONE<br>SSL-Session:<br>    Protocol  : TLSv1<br>    Cipher    : AES128-SHA<br>    Session-ID: 333C0000854E673466C6993943C1FBC7E65382AB7C486AFA750CB5F76D45302A<br>    Session-ID-ctx: <br>    Master-Key: 63BF2A0621C3438C7CD8A0037B3769FC9182FF517B7D07265B8EE5F74FD90BBA0B8E56B9F466F3502F32C816076DAA47<br>    Key-Arg   : None<br>    Krb5 Principal: None<br>    PSK identity: None<br>    PSK identity hint: None<br>    Start Time: 1391547347<br>    Timeout   : 300 (sec)<br>    Verify return code: 21 (unable to verify the first certificate)<br>---<br><br></pre>
 
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF328658" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> freeipa-users-bounces@redhat.com [freeipa-users-bounces@redhat.com] on behalf of Todd Maugh [tmaugh@boingo.com]<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:53 PM<br>
<b>To:</b> Rich Megginson; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] Creating password sync<br>
</font><br>
</div>
<div></div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">I tried changing the password for a user in AD<br>
<br>
this is what the passsync log shows: <br>
<br>
<div>02/04/14 12:29:14: Ldap bind error in Connect</div>
<div><span class="" style="white-space:pre"></span>81: Can't contact LDAP server</div>
<div>02/04/14 12:49:34: Ldap bind error in Connect</div>
<div><span class="" style="white-space:pre"></span>81: Can't contact LDAP server</div>
<div>02/04/14 12:49:34: Ldap error in QueryUsername</div>
<div><span class="" style="white-space:pre"></span>81: Can't contact LDAP server</div>
<div>02/04/14 12:49:36: Ldap bind error in Connect</div>
<div><span class="" style="white-space:pre"></span>81: Can't contact LDAP server</div>
<div>02/04/14 12:49:36: Ldap error in QueryUsername</div>
<div><span class="" style="white-space:pre"></span>81: Can't contact LDAP server<br>
<br>
<br>
And you say this is one of many issues with passsync. Do you recommend another option?<br>
<br>
</div>
<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF807741" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Todd Maugh<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:48 PM<br>
<b>To:</b> Rich Megginson; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> RE: Creating password sync<br>
</font><br>
</div>
<div></div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">but what about the "can't contact LDAP server in the passsync log"<br>
<br>
and are you saying I should try to change one of the passwords in AD for it to go to IDM, or vice versa?<br>
<br>
thanks<br>
<br>
<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF189373" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Rich Megginson [rmeggins@redhat.com]<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:45 PM<br>
<b>To:</b> Todd Maugh; dpal@redhat.com<br>
<b>Cc:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div></div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 01:42 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">I have not changed any passwords in AD yet.<br>
</div>
</blockquote>
<br>
Then passsync will not have sent anything.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><br>
and the users I have in IDM  from AD, their passwords are not working<br>
</div>
</blockquote>
<br>
Right.  This is one of the (many) problems with the passsync approach - there currently is no way to populate the initial passwords - that is, passsync/IdM cannot copy your passwords over from AD to IdM.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><br>
<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF355147" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:40 PM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 01:20 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">my passhook.log file is empty<br>
</div>
</blockquote>
<br>
Have you changed any passwords in AD?<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF268312" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">
freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a>] on behalf of Todd Maugh [<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 11:56 AM<br>
<b>To:</b> Rich Megginson; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] Creating password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">I'm seeing these errors in the passsync.log<br>
<br>
<span dir="ltr">
<div>32: No such object</div>
<div>02/03/14 16:23:40: Ldap error in QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Abandoning password change for scottb, backoff expired</div>
<div>02/03/14 16:57:48: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Ldap error in QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 18:06:04: Abandoning password change for scottb, backoff expired</div>
<div>02/03/14 18:06:04: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:24:59: PassSync service initialized</div>
<div>02/04/14 10:24:59: PassSync service running</div>
<div>02/04/14 10:25:00: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: PassSync service stopped</div>
<div>02/04/14 10:58:38: PassSync service initialized</div>
<div>02/04/14 10:58:38: PassSync service running</div>
<div>02/04/14 10:58:39: Ldap bind error in Connect</div>
<div>32: No such object</div>
<div><br>
<br>
</div>
</span><br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF24542" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:19 AM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 10:17 AM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">also I have verified the password synchronization service is started and running on the Windows 2008 R2 server<br>
<br>
<br>
but I can't tell if or what it is doing because I'm not getting passwords to my IDM<br>
</div>
</blockquote>
<a class="moz-txt-link-freetext" href="http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging" target="_blank">http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging</a><br>
<br>
You can also look at the 389 access log to see if you have connections from the Windows box.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF273180" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">
freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">freeipa-users-bounces@redhat.com</a>] on behalf of Todd Maugh [<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:04 AM<br>
<b>To:</b> Rich Megginson; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> [Freeipa-users] Creating password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Ok, So I have my replication agreement set up.<br>
<br>
and I see accounts coming in to my IDM server from AD<br>
<br>
I have followed this guide from Red Hat <br>
<br>
<a class="moz-txt-link-freetext" href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html</a><br>
<br>
to set up my password sync. <br>
<br>
I get no errors<br>
<br>
but my passwords are not syncing!<br>
<br>
Help! The documentation tells of no way to verify or troubleshoot<br>
<br>
<br>
Thank You<br>
<br>
-Todd Maugh<br>
<a class="moz-txt-link-abbreviated" href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
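<p>Added example, not part of the thread and not code from the PassSync project: a small triage script for the two-line passsync.log layout quoted above (a timestamped event line followed by an LDAP result line). The sample is assembled from log lines quoted in the thread; the hint texts are the general meanings of LDAP result codes 32 and 81, given here as an assumption about where to look rather than as PassSync documentation.</p>

```python
import re
from collections import Counter

# Sample assembled from log lines quoted in the thread. The leading orphan
# result line mirrors an excerpt that starts in the middle of an entry.
SAMPLE_LOG = """\
\t32: No such object
02/04/14 10:58:38: PassSync service running
02/04/14 10:58:39: Ldap bind error in Connect
\t32: No such object
02/04/14 12:49:34: Ldap bind error in Connect
\t81: Can't contact LDAP server
02/04/14 12:49:34: Ldap error in QueryUsername
\t81: Can't contact LDAP server
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
"""

EVENT_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d): (.*)$")
RESULT_RE = re.compile(r"^\s*(\d+): (.*)$")
ABANDON_RE = re.compile(r"^Abandoning password change for (\S+),")

# General LDAP result-code meanings (assumption: used only as pointers).
HINTS = {
    32: "noSuchObject: a DN used by the service (bind DN or search base) "
        "does not exist on the directory it connects to.",
    81: "server down: no LDAP session could be established; over LDAPS "
        "check host, port and that the server certificate's issuer is trusted.",
}


def parse_events(text):
    """Pair each timestamped event with the result line that follows it."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append({"time": m.group(1), "event": m.group(2),
                           "code": None, "detail": None})
            continue
        r = RESULT_RE.match(line)
        # Ignore result lines that have no preceding event (truncated excerpt).
        if r and events and events[-1]["code"] is None:
            events[-1]["code"] = int(r.group(1))
            events[-1]["detail"] = r.group(2)
    return events


def triage(text):
    """Count failures per (operation, LDAP code) and list dropped changes."""
    events = parse_events(text)
    failures = Counter((e["event"], e["code"])
                       for e in events if e["code"] is not None)
    # "Abandoning password change" lines name users whose change was given up
    # on, so their password in the two directories no longer matches.
    dropped = sorted({m.group(1) for e in events
                      for m in [ABANDON_RE.match(e["event"])] if m})
    codes = sorted({code for _, code in failures})
    hints = {c: HINTS.get(c, "no hint for this code") for c in codes}
    return {"failures": failures, "dropped_users": dropped, "hints": hints}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (op, code), n in sorted(report["failures"].items()):
        print(f"{n}x {op} -> {code}")
    for code, hint in report["hints"].items():
        print(f"{code}: {hint}")
    print("dropped password changes:", report["dropped_users"])
```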
</body>
</html>