[Freeipa-users] Creating password sync

Todd Maugh tmaugh at boingo.com
Tue Feb 4 20:48:03 UTC 2014


but what about the "can't contact LDAP server in the passsync log"

and are you saying I should try to change one of the passwords in AD for it to go to IDM, or vice versa?

thanks


________________________________
From: Rich Megginson [rmeggins at redhat.com]
Sent: Tuesday, February 04, 2014 12:45 PM
To: Todd Maugh; dpal at redhat.com
Cc: freeipa-users at redhat.com
Subject: Re: Creating password sync

On 02/04/2014 01:42 PM, Todd Maugh wrote:
I have not changed any passwords in AD yet.

Then passsync will not have sent anything.


and the users I have in IDM from AD, their passwords are not working

Right.  This is one of the (many) problems with the passsync approach - there currently is no way to populate the initial passwords - that is, passsync/IdM cannot copy your passwords over from AD to IdM.



________________________________
From: Rich Megginson [rmeggins at redhat.com]
Sent: Tuesday, February 04, 2014 12:40 PM
To: Todd Maugh; dpal at redhat.com
Cc: freeipa-users at redhat.com
Subject: Re: Creating password sync

On 02/04/2014 01:20 PM, Todd Maugh wrote:
my passhook.log file is empty

Have you changed any passwords in AD?

________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Todd Maugh [tmaugh at boingo.com]
Sent: Tuesday, February 04, 2014 11:56 AM
To: Rich Megginson; dpal at redhat.com
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Creating password sync

I'm seeing these errors in the passsync.log

32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
02/03/14 16:57:48: Ldap bind error in Connect
32: No such object
02/03/14 16:57:48: Ldap error in QueryUsername
32: No such object
02/03/14 18:06:04: Abandoning password change for scottb, backoff expired
02/03/14 18:06:04: Ldap bind error in Connect
32: No such object
02/04/14 10:24:59: PassSync service initialized
02/04/14 10:24:59: PassSync service running
02/04/14 10:25:00: Ldap bind error in Connect
32: No such object
02/04/14 10:58:37: Ldap bind error in Connect
32: No such object
02/04/14 10:58:37: PassSync service stopped
02/04/14 10:58:38: PassSync service initialized
02/04/14 10:58:38: PassSync service running
02/04/14 10:58:39: Ldap bind error in Connect
32: No such object



________________________________
From: Rich Megginson [rmeggins at redhat.com]
Sent: Tuesday, February 04, 2014 9:19 AM
To: Todd Maugh; dpal at redhat.com
Cc: freeipa-users at redhat.com
Subject: Re: Creating password sync

On 02/04/2014 10:17 AM, Todd Maugh wrote:
also I have verified the password synchronization service is started and running on the Windows 2008 R2 server


but I can't tell if or what it is doing because I'm not getting passwords to my IDM

http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging

You can also look at the 389 access log to see if you have connections from the windows box.

________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Todd Maugh [tmaugh at boingo.com]
Sent: Tuesday, February 04, 2014 9:04 AM
To: Rich Megginson; dpal at redhat.com
Cc: freeipa-users at redhat.com
Subject: [Freeipa-users] Creating password sync

Ok, So I have my replication agreement set up.

and I see accounts coming in to my IDM server from AD

I have followed this guide from redhat

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html

to set up my password sync.

I get no errors

but my passwords are not syncing!

Help! The documentation tells of no way to verify or troubleshoot


Thank You

-Todd Maugh
tmaugh at boingo.com
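
Added example, not part of the original thread or of the PassSync project: a short Python script that pairs each timestamped passsync.log event with the LDAP result line that follows it, so repeated bind failures and abandoned password changes stand out. The sample log is constructed in the format of the excerpt quoted above, and the function name triage is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the passsync.log excerpt quoted above.
SAMPLE_LOG = """\
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
02/03/14 16:57:48: Ldap bind error in Connect
32: No such object
02/04/14 10:24:59: PassSync service initialized
02/04/14 10:24:59: PassSync service running
02/04/14 10:25:00: Ldap bind error in Connect
32: No such object
"""

EVENT = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d): (.*)$")
RESULT = re.compile(r"^(\d+): (.*)$")
ABANDON = re.compile(r"^Abandoning password change for (\S+?),")

def triage(text):
    """Pair each timestamped event with the LDAP result line that follows it."""
    errors = Counter()      # (operation, result code, result text) -> count
    abandoned = Counter()   # username -> abandoned password changes
    starts = 0              # number of service (re)starts seen
    pending = None          # operation still waiting for its result line
    for line in text.splitlines():
        ev = EVENT.match(line)
        if ev:
            msg = ev.group(2)
            pending = None
            if msg == "PassSync service initialized":
                starts += 1
            elif (m := ABANDON.match(msg)):
                abandoned[m.group(1)] += 1
            elif msg.startswith("Ldap ") and " in " in msg:
                pending = msg.rsplit(" in ", 1)[1]   # e.g. "Connect"
            continue
        res = RESULT.match(line)
        if res and pending:   # result lines with no preceding event are skipped
            errors[(pending, int(res.group(1)), res.group(2))] += 1
            pending = None
    return {"errors": dict(errors), "abandoned": dict(abandoned), "starts": starts}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```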


