[Freeipa-users] Creating password sync

Rich Megginson rmeggins at redhat.com
Tue Feb 4 20:45:30 UTC 2014


On 02/04/2014 01:42 PM, Todd Maugh wrote:
> I have not changed any passwords in AD yet.

Then passsync will not have sent anything.

>
> and the users I have in IDM from AD, their passwords are not working

Right.  This is one of the (many) problems with the passsync approach - 
there currently is no way to populate the initial passwords - that is, 
passsync/IdM cannot copy your passwords over from AD to IdM.

>
>
> ------------------------------------------------------------------------
> *From:* Rich Megginson [rmeggins at redhat.com]
> *Sent:* Tuesday, February 04, 2014 12:40 PM
> *To:* Todd Maugh; dpal at redhat.com
> *Cc:* freeipa-users at redhat.com
> *Subject:* Re: Creating password sync
>
> On 02/04/2014 01:20 PM, Todd Maugh wrote:
>> my passhook.log file is empty
>
> Have you changed any passwords in AD?
>
>> ------------------------------------------------------------------------
>> *From:* freeipa-users-bounces at redhat.com 
>> [freeipa-users-bounces at redhat.com] on behalf of Todd Maugh 
>> [tmaugh at boingo.com]
>> *Sent:* Tuesday, February 04, 2014 11:56 AM
>> *To:* Rich Megginson; dpal at redhat.com
>> *Cc:* freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] Creating password sync
>>
>> I'm seeing these errors in the passsync.log
>>
>> 32: No such object
>> 02/03/14 16:23:40: Ldap error in QueryUsername
>> 32: No such object
>> 02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
>> 02/03/14 16:57:48: Ldap bind error in Connect
>> 32: No such object
>> 02/03/14 16:57:48: Ldap error in QueryUsername
>> 32: No such object
>> 02/03/14 18:06:04: Abandoning password change for scottb, backoff expired
>> 02/03/14 18:06:04: Ldap bind error in Connect
>> 32: No such object
>> 02/04/14 10:24:59: PassSync service initialized
>> 02/04/14 10:24:59: PassSync service running
>> 02/04/14 10:25:00: Ldap bind error in Connect
>> 32: No such object
>> 02/04/14 10:58:37: Ldap bind error in Connect
>> 32: No such object
>> 02/04/14 10:58:37: PassSync service stopped
>> 02/04/14 10:58:38: PassSync service initialized
>> 02/04/14 10:58:38: PassSync service running
>> 02/04/14 10:58:39: Ldap bind error in Connect
>> 32: No such object
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Rich Megginson [rmeggins at redhat.com]
>> *Sent:* Tuesday, February 04, 2014 9:19 AM
>> *To:* Todd Maugh; dpal at redhat.com
>> *Cc:* freeipa-users at redhat.com
>> *Subject:* Re: Creating password sync
>>
>> On 02/04/2014 10:17 AM, Todd Maugh wrote:
>>> also I have verified the password synchronization service is started 
>>> and running on the windows 2008 R2 server
>>>
>>>
>>> but I can't tell if or what it is doing because I'm not getting 
>>> passwords to my IDM
>> http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging
>>
>> You can also look at the 389 access log to see if you have 
>> connections from the windows box.
>>
>>> ------------------------------------------------------------------------
>>> *From:* freeipa-users-bounces at redhat.com 
>>> [freeipa-users-bounces at redhat.com] on behalf of Todd Maugh 
>>> [tmaugh at boingo.com]
>>> *Sent:* Tuesday, February 04, 2014 9:04 AM
>>> *To:* Rich Megginson; dpal at redhat.com
>>> *Cc:* freeipa-users at redhat.com
>>> *Subject:* [Freeipa-users] Creating password sync
>>>
>>> Ok, So I have my replication agreement set up.
>>>
>>> and I see accounts coming in to my IDM server from AD
>>>
>>> I have followed this guide from redhat
>>>
>>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html
>>>
>>> to set up my password sync.
>>>
>>> I get no errors
>>>
>>> but my passwords are not syncing!
>>>
>>> Help! The documentation tells of no way to verify or troubleshoot
>>>
>>>
>>> Thank You
>>>
>>> -Todd Maugh
>>> tmaugh at boingo.com
>>
>
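
Added example, not part of the original thread and not PassSync's own code: a small Python parser for the passsync.log excerpt quoted above, which counts LDAP failures per operation and lists the users whose password change was abandoned. It assumes each numeric line (such as "32: No such object", LDAP result code 32, noSuchObject) belongs to the timestamped event just before it; the function names are made up for this example.

```python
import re
from collections import Counter

# Excerpt copied from the passsync.log lines quoted in the thread.
SAMPLE_LOG = """\
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
02/03/14 16:57:48: Ldap bind error in Connect
32: No such object
02/04/14 10:24:59: PassSync service initialized
02/04/14 10:24:59: PassSync service running
02/04/14 10:25:00: Ldap bind error in Connect
32: No such object
"""

EVENT = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d): (.*)$")
CODE = re.compile(r"^(\d+): (.*)$")  # LDAP result line, e.g. 32 = noSuchObject
ABANDON = re.compile(r"^Abandoning password change for (\S+),")


def parse_passsync_log(text):
    """Pair each timestamped event with the LDAP result line that follows it."""
    events, orphans = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := EVENT.match(line):
            events.append({"ts": m.group(1), "msg": m.group(2), "ldap_code": None})
        elif c := CODE.match(line):
            code = int(c.group(1))
            if events and events[-1]["ldap_code"] is None:
                events[-1]["ldap_code"] = code  # assumed: result follows its event
            else:
                orphans.append(code)  # result line whose event was cut off
    return events, orphans


def summarize(events):
    """Count failures per (message, LDAP code); list users whose change was dropped."""
    failures = Counter((e["msg"], e["ldap_code"]) for e in events
                       if e["ldap_code"] is not None)
    abandoned = sorted({m.group(1) for e in events if (m := ABANDON.match(e["msg"]))})
    return failures, abandoned


if __name__ == "__main__":
    events, orphans = parse_passsync_log(SAMPLE_LOG)
    failures, abandoned = summarize(events)
    for (msg, code), n in failures.most_common():
        print(f"{n:3d}  {msg}  (LDAP result {code})")
    print("password changes abandoned for:", ", ".join(abandoned) or "none")
```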
