<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/04/2014 01:42 PM, Todd Maugh
wrote:<br>
</div>
<blockquote
cite="mid:6FB698E172A95F49BE009B36D56F53E226C8B7@EXCHMB1-ELS.BWINC.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">I have not changed any passwords in AD
yet.<br>
</div>
</blockquote>
<br>
Then passsync will not have sent anything.<br>
<br>
<blockquote
cite="mid:6FB698E172A95F49BE009B36D56F53E226C8B7@EXCHMB1-ELS.BWINC.local"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<br>
and the users I have in IDM from AD, their passwords are not
working<br>
</div>
</blockquote>
<br>
Right. This is one of the (many) problems with the passsync
approach - there currently is no way to populate the initial
passwords - that is, passsync/IdM cannot copy your passwords over
from AD to IdM.<br>
<br>
<blockquote
cite="mid:6FB698E172A95F49BE009B36D56F53E226C8B7@EXCHMB1-ELS.BWINC.local"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<br>
<br>
<div style="font-family: Times New Roman; color: #000000;
font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF355147"><font
color="#000000" face="Tahoma" size="2"><b>From:</b> Rich
Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 12:40 PM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:dpal@redhat.com">dpal@redhat.com</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014 01:20 PM, Todd
Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">my passhook.log file is
empty<br>
</div>
</blockquote>
<br>
Have you changed any passwords in AD?<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">
<div style="font-family:Times New Roman; color:#000000;
font-size:16px">
<hr tabindex="-1">
<div id="divRpF268312" style="direction:ltr"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com"
target="_blank">
freeipa-users-bounces@redhat.com</a> [<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com"
target="_blank">freeipa-users-bounces@redhat.com</a>]
on behalf of Todd Maugh [<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:tmaugh@boingo.com" target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 11:56 AM<br>
<b>To:</b> Rich Megginson; <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dpal@redhat.com" target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] Creating
password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr; font-family:Tahoma;
color:#000000; font-size:10pt">Im seeing these
errors in the passsync.log<br>
<br>
<span dir="ltr">
<div>32: No such object</div>
<div>02/03/14 16:23:40: Ldap error in
QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Abandoning password
change for scottb, backoff expired</div>
<div>02/03/14 16:57:48: Ldap bind error in
Connect</div>
<div>32: No such object</div>
<div>02/03/14 16:57:48: Ldap error in
QueryUsername</div>
<div>32: No such object</div>
<div>02/03/14 18:06:04: Abandoning password
change for scottb, backoff expired</div>
<div>02/03/14 18:06:04: Ldap bind error in
Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:24:59: PassSync service
initialized</div>
<div>02/04/14 10:24:59: PassSync service running</div>
<div>02/04/14 10:25:00: Ldap bind error in
Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: Ldap bind error in
Connect</div>
<div>32: No such object</div>
<div>02/04/14 10:58:37: PassSync service stopped</div>
<div>02/04/14 10:58:38: PassSync service
initialized</div>
<div>02/04/14 10:58:38: PassSync service running</div>
<div>02/04/14 10:58:39: Ldap bind error in
Connect</div>
<div>32: No such object</div>
<div><br>
<br>
</div>
</span><br>
<div style="font-family:Times New Roman;
color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF24542" style="direction:ltr"><font
color="#000000" face="Tahoma" size="2"><b>From:</b>
Rich Megginson [<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:rmeggins@redhat.com"
target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Tuesday, February 04, 2014 9:19
AM<br>
<b>To:</b> Todd Maugh; <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dpal@redhat.com"
target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: Creating password sync<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 02/04/2014
10:17 AM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<style id="owaParaStyle" type="text/css">
<!--
p
{margin-top:0;
margin-bottom:0}
p
{margin-top:0;
margin-bottom:0}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style>
<div style="direction:ltr;
font-family:Tahoma; color:#000000;
font-size:10pt">also I have verified the
password synchronization service is
started and running on the windows 2008 R2
server<br>
<br>
<br>
but I cant tell if or what it is doing
because iM not getting passwords to my IDM<br>
</div>
</blockquote>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging"
target="_blank">http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging</a><br>
<br>
You can also look at the 389 access log to see
if you have connections from the windows box.<br>
<br>
<blockquote type="cite">
<div style="direction:ltr;
font-family:Tahoma; color:#000000;
font-size:10pt">
<div style="font-family:Times New Roman;
color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF273180"
style="direction:ltr"><font
color="#000000" face="Tahoma"
size="2"><b>From:</b>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com"
target="_blank">
freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users-bounces@redhat.com"
target="_blank">freeipa-users-bounces@redhat.com</a>]
on behalf of Todd Maugh [<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:tmaugh@boingo.com"
target="_blank">tmaugh@boingo.com</a>]<br>
<b>Sent:</b> Tuesday, February 04,
2014 9:04 AM<br>
<b>To:</b> Rich Megginson; <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:dpal@redhat.com"
target="_blank">
dpal@redhat.com</a><br>
<b>Cc:</b> <a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:freeipa-users@redhat.com"
target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> [Freeipa-users]
Creating password sync<br>
</font><br>
</div>
<div>
<div style="direction:ltr;
font-family:Tahoma; color:#000000;
font-size:10pt">Ok, So I have my
replication agreement set up.<br>
<br>
and I see accounts coming in to my
IDM server from AD<br>
<br>
I have followed this guide from
redhat <br>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html"
target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html</a><br>
<br>
to set up my password sync. <br>
<br>
I get no errors<br>
<br>
but my passwords are not syncing!<br>
<br>
Help! the documentation tells o fno
way to verify or trouble shoot<br>
<br>
<br>
Thank You<br>
<br>
-Todd Maugh<br>
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:tmaugh@boingo.com"
target="_blank">tmaugh@boingo.com</a><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>