Sorry for my late reply...

I checked the logs both on the AD server and FDS server. Although I was able to change a password from AD to FDS, I still can't sync new accounts from FDS to AD without having to enable and reset the password on the account at the first time.

Maybe this error means something: "NSMMReplicationPlugin - failed to send dirsync search request: 2"

As for ssltap, I don't know how to use it?! What should I get?!

I have attached the logs of the 2 servers.

regards
abdelrahman

This is the log on AD (passsync.log)

04/08/06 15:13:36: PassSync service started
04/08/06 15:13:36: 1 new entries loaded from data file
04/08/06 15:13:36: Cleared contents of data file
04/08/06 15:13:36: Password list has 1 entries
04/08/06 15:13:36: Attempting to sync password for __VMWARE_USER__
04/08/06 15:13:36: Searching for (ntuserdomainid=__VMWARE_USER__)
04/08/06 15:13:37: Password modified for remote entry: uid=__VMWARE_USER__,ou=People,dc=mycompany,dc=com
04/08/06 15:13:37: Removing password change from list
04/08/06 15:13:37: Password list is empty. Waiting for passhook event
04/09/06 16:40:11: Received passhook event. Attempting sync
04/09/06 16:40:11: 1 new entries loaded from data file
04/09/06 16:40:11: Cleared contents of data file
04/09/06 16:40:11: Password list has 1 entries
04/09/06 16:40:11: Attempting to sync password for testr
04/09/06 16:40:11: Searching for (ntuserdomainid=testr)
04/09/06 16:40:11: Password modified for remote entry: uid=testr,ou=People,dc=mycompany,dc=com
04/09/06 16:40:11: Removing password change from list
04/09/06 16:40:11: Password list is empty. Waiting for passhook event
04/09/06 16:40:12: Received passhook event. Attempting sync
04/09/06 16:40:12: 1 new entries loaded from data file
04/09/06 16:40:12: Cleared contents of data file
04/09/06 16:40:12: Password list has 1 entries
04/09/06 16:40:12: Attempting to sync password for testr
04/09/06 16:40:12: Searching for (ntuserdomainid=testr)
04/09/06 16:40:12: Password match, no modify performed: testr
04/09/06 16:40:12: Removing password change from list
04/09/06 16:40:12: Password list is empty. Waiting for passhook event
04/09/06 16:40:55: Received passhook event. Attempting sync
04/09/06 16:40:55: 1 new entries loaded from data file
04/09/06 16:40:55: Cleared contents of data file
04/09/06 16:40:55: Password list has 1 entries
04/09/06 16:40:55: Attempting to sync password for testr
04/09/06 16:40:55: Searching for (ntuserdomainid=testr)
04/09/06 16:40:55: Password modified for remote entry: uid=testr,ou=People,dc=mycompany,dc=com
04/09/06 16:40:55: Removing password change from list
04/09/06 16:40:55: Password list is empty. Waiting for passhook event
04/09/06 16:40:55: Received passhook event. Attempting sync
04/09/06 16:40:55: 1 new entries loaded from data file
04/09/06 16:40:55: Cleared contents of data file
04/09/06 16:40:55: Password list has 1 entries
04/09/06 16:40:55: Attempting to sync password for testr
04/09/06 16:40:55: Searching for (ntuserdomainid=testr)
04/09/06 16:40:55: Password match, no modify performed: testr
04/09/06 16:40:55: Removing password change from list
04/09/06 16:40:55: Password list is empty. Waiting for passhook event
04/09/06 16:43:28: Received passhook event. Attempting sync
04/09/06 16:43:28: 1 new entries loaded from data file
04/09/06 16:43:28: Cleared contents of data file
04/09/06 16:43:28: Password list has 1 entries
04/09/06 16:43:28: Attempting to sync password for testr
04/09/06 16:43:28: Searching for (ntuserdomainid=testr)
04/09/06 16:43:28: Password modified for remote entry: uid=testr,ou=People,dc=mycompany,dc=com
04/09/06 16:43:28: Removing password change from list
04/09/06 16:43:28: Password list is empty. Waiting for passhook event
04/09/06 16:43:28: Received passhook event. Attempting sync
04/09/06 16:43:28: 1 new entries loaded from data file
04/09/06 16:43:28: Cleared contents of data file
04/09/06 16:43:28: Password list has 1 entries
04/09/06 16:43:28: Attempting to sync password for testr
04/09/06 16:43:28: Searching for (ntuserdomainid=testr)
04/09/06 16:43:28: Password match, no modify performed: testr
04/09/06 16:43:28: Removing password change from list
04/09/06 16:43:28: Password list is empty. Waiting for passhook event

------------------------------------------------------------------------

This is Errors log on FDS

Fedora-Directory/1.0.1 B2005.342.165
rhnk:636 (/opt/fedora-ds/slapd-rhnk)

[08/Apr/2006:13:26:17 +0200] - slapd shutting down - signaling operation threads
[08/Apr/2006:13:26:17 +0200] - slapd shutting down - waiting for 30 threads to terminate
[08/Apr/2006:13:26:17 +0200] - slapd shutting down - closing down internal subsystems and plugins
[08/Apr/2006:13:26:19 +0200] - Waiting for 4 database threads to stop
[08/Apr/2006:13:26:20 +0200] - All database threads now stopped
[08/Apr/2006:13:26:20 +0200] - slapd stopped.
[08/Apr/2006:13:26:22 +0200] - Fedora-Directory/1.0.1 B2005.342.165 starting up
[08/Apr/2006:13:26:23 +0200] NSMMReplicationPlugin - replica_check_for_data_reload: Warning: data for replica dc=mycompany,dc=com was reloaded and it no longer matches the data in the changelog (replica data > changelog). Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized.
[08/Apr/2006:13:26:23 +0200] - slapd started. Listening on All Interfaces port 389 for LDAP requests
[08/Apr/2006:13:26:23 +0200] - Listening on All Interfaces port 636 for LDAPS requests
[08/Apr/2006:13:26:56 +0200] agmt="cn=Metranknew" (metrank:636) - Can't locate CSN 4431a289000000020000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
[08/Apr/2006:13:27:06 +0200] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=Metranknew" (metrank:636)".
[08/Apr/2006:13:27:07 +0200] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=Metranknew" (metrank:636)". Sent 10 entries.
[08/Apr/2006:13:36:23 +0200] NSMMReplicationPlugin - agmt="cn=Metranknew" (metrank:636): Simple bind resumed
[08/Apr/2006:14:16:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:14:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:15:06:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:15:26:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:15:46:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:15:56:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:17:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:18:01:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:22:36:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:22:56:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:01:01:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:02:21:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:02:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:02:56:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:03:21:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:03:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:04:11:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:04:21:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:04:36:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:04:46:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:05:11:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:05:36:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:06:26:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:07:06:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:07:21:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:07:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:07:41:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:07:51:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:09:06:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:09:26:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:09:36:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:10:11:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:11:06:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:11:41:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:12:06:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:12:16:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:12:56:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:13:11:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:13:21:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:14:16:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:14:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:14:51:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:15:11:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:15:26:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:16:11:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:16:26:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2

---------------------------------------------------------------------------

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Daniel Shackelford
Sent: Monday, April 03, 2006 2:44 PM
To: fedora-directory-users at redhat.com
Subject: FDS AD Sync

I don't think it is an issue with settings in AD. Server 2003 will automatically disable an account that is created with a blank password. This seems to fit with what you are seeing, since the account is immediately disabled in AD and the user is required to change their password.

Is your SSL setup working? You can use ssltap (in /opt/fedora-ds/shared/bin if you used the installed defaults) to proxy the connections and see what is going (or not going) back and forth. Replication requires SSL in order to sync passwords, and unless it is set up correctly on both FDS and the DC with PassSync, you will not get any passwords, period.

What do your logs in FDS say when you add a user? Are there any errors? If the logs are not very informative, use the console to increase the log level.

Passwords are the trickiest part of this setup, simply because they require SSL/certificates and an extra app on the DC. The wiki has detailed instructions. If you need more help, posting error messages and log info would be very helpful.
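
A small triage script for the two logs posted in this thread, added here as an example (it is not part of the original messages and is not Fedora DS or PassSync code): it tallies PassSync outcomes per user and summarises the repeated dirsync search failures. The function names are hypothetical, the sample lines are a short excerpt of the logs above, and the patterns also match when an archive has collapsed the log onto one line.

```python
import re
from collections import Counter
from datetime import datetime

# Short excerpt of the log lines posted in the thread above.
PASSSYNC_LOG = """\
04/09/06 16:40:11: Attempting to sync password for testr
04/09/06 16:40:11: Searching for (ntuserdomainid=testr)
04/09/06 16:40:11: Password modified for remote entry: uid=testr,ou=People,dc=mycompany,dc=com
04/09/06 16:40:12: Attempting to sync password for testr
04/09/06 16:40:12: Password match, no modify performed: testr
"""
FDS_ERRORS_LOG = """\
[08/Apr/2006:13:36:23 +0200] NSMMReplicationPlugin - agmt="cn=Metranknew" (metrank:636): Simple bind resumed
[08/Apr/2006:14:16:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[08/Apr/2006:14:31:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
[09/Apr/2006:16:26:23 +0200] NSMMReplicationPlugin - failed to send dirsync search request: 2
"""

# Group 1: user of a sync attempt; group 2: how that attempt ended.
EVENT = re.compile(r"Attempting to sync password for (\S+)"
                   r"|Password (modified for remote entry|match, no modify performed)")
DIRSYNC = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] "
                     r"NSMMReplicationPlugin - failed to send dirsync search request: (-?\d+)")

def passsync_outcomes(text):
    """Count (user, outcome) pairs for password pushes recorded in passsync.log."""
    results, user = Counter(), None
    for m in EVENT.finditer(text):
        if m.group(1):                      # a new attempt starts
            user = m.group(1)
        elif user:                          # outcome line closes the open attempt
            kind = "modified" if m.group(2).startswith("modified") else "unchanged"
            results[(user, kind)] += 1
            user = None
    return results

def dirsync_failures(text):
    """Summarise the dirsync search failures logged by NSMMReplicationPlugin."""
    hits = [(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(rc))
            for ts, rc in DIRSYNC.findall(text)]
    if not hits:
        return None
    times = [t for t, _ in hits]
    return {"count": len(hits), "first": min(times), "last": max(times),
            "codes": sorted({rc for _, rc in hits})}
```

Run against the full files, the first function shows which accounts received password changes from the PassSync service and the second shows how long and how often the dirsync error has been recurring.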