[Freeipa-users] Problems with Passsync

Rich Megginson rmeggins at redhat.com
Fri May 18 16:04:14 UTC 2012


On 05/18/2012 09:56 AM, Kline, Sara wrote:
>
> Ldapsearch revealed the issue. The documentation in the Integrating AD 
> section says that passsync is in the systemaccounts cn. Ldapsearch 
> revealed it is actually sysaccounts cn. It is successfully binding 
> now. I created a test user, then I logged in as him and changed his 
> password, it took a while but the password was replicated over to 
> FreeIPA and I was able to login using his credentials. Out of 
> curiosity, does PassSync have a set polling period or is it supposed 
> to sync anytime a change is made?
>

It is supposed to sync immediately.

> Thanks,
>
> Sara Kline
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Friday, May 18, 2012 8:16 AM
> *To:* Kline, Sara
> *Cc:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] Problems with Passsync
>
> On 05/18/2012 09:11 AM, Kline, Sara wrote:
>
> Yes, after installing PassSync I rebooted, and I have not changed any 
> passwords in AD.
>
>
> If you have not changed any passwords in AD, then the log is correctly 
> reporting "No entries yet"
>
>
> The bind dn I am using is the one that the documentation says to use 
> which was:
>
> uid=passsync,cn=systemaccounts,cn=etc,dc=prod,dc=example,dc=com. If I 
> do an ipa user-find on this, it comes back empty but I am thinking it's 
> because this is not in with the regular user accounts. Is there a way 
> to verify that the account is there?
>
>
> ldapsearch -xLLL -D "cn=directory manager" -W -b dc=example,dc=com 
> uid=passsync
>
>
> Thanks,
>
> Sara Kline
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Friday, May 18, 2012 7:34 AM
> *To:* Kline, Sara
> *Cc:* freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> *Subject:* Re: [Freeipa-users] Problems with Passsync
>
> On 05/17/2012 04:10 PM, Kline, Sara wrote:
>
> I was able to fix the import issue, and found some special SSL things 
> for Server 2008 when you are wanting to run LDAP/SSL. So Pass Sync is 
> no longer stating SSL may not be set up correctly.
>
> I am running into an issue however. These are the entries in the Pass 
> Sync log file:
>
> PassSync service is running
>
> No entries yet
>
>
> Did you reboot the AD box after installing PassSync?
> Have you changed any passwords in AD?
>
>
>
> Ldap bind error in Connect 32: No such object
>
>
> What is the bind DN you used when you configured PassSync on AD?  Does 
> that DN correspond to a real user DN in IPA?
>
>
>
> Can not connect to ldap server in SyncPasswords
>
> Thanks,
>
> Sara Kline
>
> *From:*freeipa-users-bounces at redhat.com 
> <mailto:freeipa-users-bounces at redhat.com> 
> [mailto:freeipa-users-bounces at redhat.com] *On Behalf Of *Kline, Sara
> *Sent:* Thursday, May 17, 2012 11:06 AM
> *To:* freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> *Subject:* [Freeipa-users] Problems with Passsync
>
> Replication is working great. When I create/delete an account on the 
> AD server it shows up in FreeIPA, however I can't get Passsync to work. 
> I believe it is working because the last step in the documentation 
> isn't working. When I try to import the certificate, I get this message:
>
> Certutil.exe: "unable to open 
> "C:\Users\Administrator\Documents\ca.crt" for reading (-5950, 2). Any 
> ideas?
>
> Sara Kline
>
> System Administrator
>
> Transaction Network Services, Inc
>
> 4501 Intelco Loop, Lacey WA 98503
>
> Wk: (360) 493-6736
>
> Cell: (360) 280-2495
>
> ------------------------------------------------------------------------
>
> This e-mail message is for the sole use of the intended 
> recipient(s) and may
> contain confidential and privileged information of Transaction Network 
> Services.
> Any unauthorised review, use, disclosure or distribution is 
> prohibited. If you
> are not the intended recipient, please contact the sender by reply 
> e-mail and destroy all copies of the original message.
>
>
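
The check suggested in this thread (search the whole suffix for `uid=passsync`, then compare the DN the directory returns with the bind DN configured in PassSync), written out as an added example that is not part of the original messages. The function names are hypothetical and the LDIF sample is constructed; the two DNs are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: compare PassSync's configured bind DN with the DN that
# actually exists in the directory. Function names are hypothetical.

# Constructed sample of LDIF as returned by the thread's ldapsearch command;
# the DN is folded here to show continuation-line handling.
sample_ldif() {
cat <<'EOF'
dn: uid=passsync,cn=sysaccounts,cn=etc,dc=prod,dc=example,
 dc=com
uid: passsync

EOF
}

# Print every dn value, joining LDIF continuation lines (leading space).
# Base64-encoded DNs ("dn:: ") are not handled.
ldif_dns() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (buf ~ /^dn: /) print substr(buf, 5); buf = $0 }
       END { if (buf ~ /^dn: /) print substr(buf, 5) }'
}

# uid, cn and dc values match case-insensitively; also drop spaces
# around "," and "=" so differently formatted DNs compare equal.
norm_dn() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
    sed -e 's/ *, */,/g' -e 's/ *= */=/g'
}

# Usage: ldapsearch ... uid=passsync | check_bind_dn "<configured bind DN>"
# Returns 0 = DN exists, 1 = account exists under another DN, 2 = no entry.
check_bind_dn() {
  want=$(norm_dn "$1")
  dns=$(ldif_dns)
  [ -n "$dns" ] || { echo "NOT FOUND: search returned no entry"; return 2; }
  while IFS= read -r dn; do
    if [ "$(norm_dn "$dn")" = "$want" ]; then echo "OK: $dn"; return 0; fi
  done <<EOF
$dns
EOF
  echo "MISMATCH: configured DN not found; directory has:"
  echo "$dns"
  return 1
}

# Demo with the DN from the documentation, as quoted in the thread.
sample_ldif | check_bind_dn \
  "uid=passsync,cn=systemaccounts,cn=etc,dc=prod,dc=example,dc=com" || true
```

Against a live server, pipe the `ldapsearch -xLLL -D "cn=directory manager" -W -b dc=example,dc=com uid=passsync` command from the thread into `check_bind_dn` in place of `sample_ldif`.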
