Thanks for responding. I have windows 2000, the default password policy is disabled by default, but I did turn it on to see if that was the problem and also tried more complex passwords when testing. Nothing has worked so far. I'm not even sure if there is any other tests that I can do, I've turned up the logging, but it still doesn't give me any clues as to what is going on. Thanks, Jeff nattapon viroonsri wrote: > > When i add user or change password at fds side , it stuck with windows > (2003) default password policy. > So i have to chage to more strict password or disable policy at ads , > then fds sync with ads completely.( can log on to ads with same > password as fds user) > > im not sure this is same case as you. > > Regards, > Nattapon > > >> From: Jeff Gamsby <JFGamsby at lbl.gov> >> Reply-To: "General discussion list for the Fedora Directory server >> project." <fedora-directory-users at redhat.com> >> To: "General discussion list for the Fedora Directory server >> project." <fedora-directory-users at redhat.com> >> Subject: PassSync only working one way >> Date: Tue, 13 Jun 2006 15:08:03 -0700 >> MIME-Version: 1.0 >> Received: from hormel.redhat.com ([209.132.177.30]) by >> bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); >> Tue, 13 Jun 2006 15:08:15 -0700 >> Received: from listman.util.phx.redhat.com >> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 (EDT) >> Received: from int-mx1.corp.redhat.com >> (int-mx1.corp.redhat.com[172.16.52.254])by >> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >> idk5DM8BEP021980for >> <fedora-directory-users at listman.util.phx.redhat.com>;Tue, 13 Jun 2006 >> 18:08:11 -0400 >> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >> idk5DM8B7P010237for <fedora-directory-users at redhat.com>; Tue, 13 Jun >> 2006 18:08:11 -0400 >> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >> idk5DM8ATa017845for <fedora-directory-users at redhat.com>; Tue, 13 Jun >> 2006 18:08:10 -0400 >> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >> <fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 >> (PDT) >> Received: from [131.243.161.186] (charlie.lbl.gov >> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >> k5DM82oT029426for <fedora-directory-users at redhat.com>;Tue, 13 Jun >> 2006 15:08:03 -0700 (PDT) >> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI= >> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >> X-Virus-Status: Clean >> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users at redhat.com >> X-BeenThere: fedora-directory-users at redhat.com >> X-Mailman-Version: 2.1.5 >> Precedence: junk >> List-Id: "General discussion list for the Fedora Directory server >> project."<fedora-directory-users.redhat.com> >> List-Unsubscribe: >> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=unsubscribe> >> >> List-Archive: <https://www.redhat.com/archives/fedora-directory-users> >> List-Post: <mailto:fedora-directory-users at redhat.com> >> List-Help: >> <mailto:fedora-directory-users-request at redhat.com?subject=help> >> List-Subscribe: >> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=subscribe> >> >> Errors-To: fedora-directory-users-bounces at redhat.com >> Return-Path: fedora-directory-users-bounces at redhat.com >> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >> FILETIME=[DEE3D670:01C68F35] >> >> I thought that I had the PassSync working until I ran into this problem: >> >> Passwords are not synchronized from FDS to AD. When accounts are >> added to FDS, they do show up in AD ( Although sometimes the cn >> attribute gets base64 encoded ), but I cannot authenticate to AD. >> When I change passwords in the FDS side, they are not changed ( or >> not sent ) to AD. If I change passwords in AD, they are changed in >> the FDS. >> >> The logs show that something is happening (changed host names and dn's) >> >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): No linger to cancel on the connection >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >> windows_acquire_replica returned success (101) >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): State: ready_to_acquire_replica -> sending_updates >> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >> (agmt="cn=AD" (ad:636)): Consumer RUV: >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replicageneration} 448f18ae000000010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >> 448f363d03d400010000 448f363d >> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >> (agmt="cn=AD" (ad:636)): Supplier RUV: >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replicageneration} 448f18ae000000010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >> 448f363d03d700010000 448f363d >> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: >> anchorcsn=448f363d03d400010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >> position set for replay >> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >> csn=448f363d03d600010000 >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): windows_replay_update: Looking at modify operation local >> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >> (ad:636): windows_replay_update: Processing modify operation local >> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >> >> >> I'm not sure what is going on, I can talk via SSL from FDS to AD, and >> I'm assuming that the PassSync service is working properly since the >> changes from AD to FDS work. >> >> Any suggestions? >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today it's > FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
