<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/18/2012 09:56 AM, Kline, Sara wrote:
<blockquote
cite="mid:C0C9408742654B429ECD3D1FF11A118D16EB7ABF95@TNS-MAIL-NA1.win2k.corp.tnsi.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color: rgb(31, 73, 125);">Ldapsearch
revealed the issue. The documentation in the Integrating AD
section says that passsync is in the systemaccounts cn.
Ldapsearch revealed it is actually sysaccounts cn. It is
successfully binding now. I created a test user, then I
logged in as him and changed his password, it took a while
but the password was replicated over to FreeIPA and I was
able to login using his credentials. Out of curiosity, does
PassSync have a set polling period or is it supposed to sync
anytime a change is made?</span></p>
</div>
</blockquote>
<br>
It is supposed to sync immediately.<br>
<br>
<blockquote
cite="mid:C0C9408742654B429ECD3D1FF11A118D16EB7ABF95@TNS-MAIL-NA1.win2k.corp.tnsi.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Colonna MT';color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Colonna MT';color:#1F497D">Sara Kline<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif';color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif';color:windowtext">
Rich Megginson [<a class="moz-txt-link-freetext" href="mailto:rmeggins@redhat.com">mailto:rmeggins@redhat.com</a>]
<br>
<b>Sent:</b> Friday, May 18, 2012 8:16 AM<br>
<b>To:</b> Kline, Sara<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] Problems with
Passsync<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On 05/18/2012 09:11 AM, Kline, Sara wrote:
<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Yes, after
installing PassSync I rebooted, and I have not changed any
passwords in AD.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman','serif'"><br>
If you have not changed any passwords in AD, then the log is
correctly reporting "No entries yet"<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The bind dn I
am using is the one that the documentation says to use which
was:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">uid=passsync,cn=systemaccounts,cn=etc,dc=prod,dc=example,dc=com.
If I do an ipa user-find on this, it comes back empty but I
am thinking it's because this is not in with the regular user
accounts. Is there a way to verify that the account is
there?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman','serif'"><br>
ldapsearch -xLLL -D "cn=directory manager" -W -b
dc=example,dc=com uid=passsync<br>
<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Colonna MT ;color:#1F497D','serif'">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Colonna MT ;color:#1F497D','serif'">Sara Kline</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif';color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif';color:windowtext">
Rich Megginson [<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com">mailto:rmeggins@redhat.com</a>]
<br>
<b>Sent:</b> Friday, May 18, 2012 7:34 AM<br>
<b>To:</b> Kline, Sara<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] Problems with
Passsync</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">On 05/17/2012 04:10 PM, Kline, Sara wrote:
<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I was able to
fix the import issue, and found some special SSL things for
Server 2008 when you are wanting to run LDAP/SSL. So Pass
Sync is no longer stating SSL may not be set up correctly.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I am running
into an issue however. These are the entries in the Pass
Sync log file:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">PassSync
service is running</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">No entries yet</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman , serif','serif'"><br>
Did you reboot the AD box after installing PassSync?<br>
Have you changed any passwords in AD?<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Ldap bind error
in Connect 32: No such object</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman , serif','serif'"><br>
What is the bind DN you used when you configured PassSync on
AD? Does that DN correspond to a real user DN in IPA?<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Can not connect
to ldap server in SyncPasswords</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Colonna MT'">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Colonna MT'">Sara Kline</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></b><span
style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">
<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Kline, Sara<br>
<b>Sent:</b> Thursday, May 17, 2012 11:06 AM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> [Freeipa-users] Problems with Passsync</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Replication is working great. When I
create/delete an account on the AD server it shows up in
FreeIPA, however I can’t get Passsync to work. I believe it is
working because the last step in the documentation isn’t
working. When I try to import the certificate, I get this
message:<o:p></o:p></p>
<p class="MsoNormal">Certutil.exe: “unable to open
“C:\Users\Administrator\Documents\ca.crt” for reading (-5950,
2). Any ideas?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:'Colonna MT'">Sara Kline</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:'Colonna MT'">System Administrator</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:'Colonna MT'">Transaction Network Services, Inc</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:'Colonna MT'">4501 Intelco Loop, Lacey WA 98503</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:'Colonna MT'">Wk: (360) 493-6736</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:'Colonna MT'">Cell: (360) 280-2495</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"> </span><o:p></o:p></p>
<div class="MsoNormal" style="text-align:center" align="center"><span
style="font-size:12.0pt">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:7.5pt;font-family:'Arial','sans-serif';color:gray">This
e-mail message is for the sole use of the intended
recipient(s)and may<br>
contain confidential and privileged information of
Transaction Network Services.<br>
Any unauthorised review, use, disclosure or distribution is
prohibited. If you<br>
are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of the original message.</span><o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Freeipa-users mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><o:p></o:p></pre>
</div>
</blockquote>
<br>
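<br>
Added example, not part of the original thread and not FreeIPA code: a small POSIX shell check for the mismatch found above, comparing the bind DN entered in PassSync with the DN that the ldapsearch from the thread returns. The helper names and the sample LDIF are constructed for illustration; the sysaccounts DN is inferred from the poster's description.<br>

```shell
#!/bin/sh
# Added example (hypothetical helpers, not FreeIPA code).

# Lower-case a DN and drop spaces around "," and "=" so that cosmetic
# differences are not reported as mismatches (a simplification of real
# DN matching rules, adequate for uid/cn/dc components).
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/[[:space:]]*=[[:space:]]*/=/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print the first "dn:" value from LDIF on stdin, joining folded lines
# (continuations start with one space). Base64 "dn::" is not handled.
first_dn() {
    awk '/^dn: / && !seen { dn = substr($0, 5); seen = 1; next }
         seen && /^ /     { dn = dn substr($0, 2); next }
         seen             { exit }
         END              { if (seen) print dn }'
}

# Usage: ldapsearch ... uid=passsync | check_bind_dn "CONFIGURED_DN"
# Returns 0 = match, 1 = entry exists under another DN, 2 = no entry.
check_bind_dn() {
    found=$(first_dn)
    if [ -z "$found" ]; then
        echo "MISSING: search returned no entry"
        return 2
    fi
    if [ "$(normalize_dn "$1")" = "$(normalize_dn "$found")" ]; then
        echo "OK: $found"
        return 0
    fi
    echo "MISMATCH: configured '$1', directory has '$found'"
    return 1
}

# Constructed sample of what the ldapsearch in the thread would print.
SAMPLE_LDIF='dn: uid=passsync,cn=sysaccounts,cn=etc,dc=prod,dc=example,dc=com
uid: passsync'
# Bind DN as given in the documentation quoted in the thread.
DOC_DN='uid=passsync,cn=systemaccounts,cn=etc,dc=prod,dc=example,dc=com'

printf '%s\n' "$SAMPLE_LDIF" | check_bind_dn "$DOC_DN" ||
    echo "exit status $?"
```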
</body>
</html>