Correct. It was not enabled when I first installed and configured PassSync. I tried to use ldapmodify to change the password, but that didn't work either. To use ldapmodify, do I change UnicodePwd? How do I generate UnicodePwd? dn: cn=user,cn=users,dc=ad,dc=server,dc=com changetype: modify replace: unicodepwd unicodepwd: Thanks Jeff Nathan Kinder wrote: > Jeff Gamsby wrote: >> >> Thanks for responding. >> I have windows 2000, the default password policy is disabled by >> default, but I did turn it on to see if that was the problem and also >> tried more complex passwords when testing. Nothing has worked so far. >> I'm not even sure if there is any other tests that I can do, I've >> turned up the logging, but it still doesn't give me any clues as to >> what is going on. > Are you saying that you enabled Active Directorys password complexity > option? I'm pretty sure that is required for passwords to sync from > FDS -> AD. You could also attempt to use ldapmodify against AD to > remotely change a users password over SSL as a test. > > It sounds like everything with the PassSync service is fine since > passwords are working from AD -> FDS. > > -NGK >> >> Thanks, >> Jeff >> >> nattapon viroonsri wrote: >>> >>> When i add user or change password at fds side , it stuck with >>> windows (2003) default password policy. >>> So i have to chage to more strict password or disable policy at ads , >>> then fds sync with ads completely.( can log on to ads with same >>> password as fds user) >>> >>> im not sure this is same case as you. >>> >>> Regards, >>> Nattapon >>> >>> >>>> From: Jeff Gamsby <JFGamsby at lbl.gov> >>>> Reply-To: "General discussion list for the Fedora Directory server >>>> project." <fedora-directory-users at redhat.com> >>>> To: "General discussion list for the Fedora Directory server >>>> project." <fedora-directory-users at redhat.com> >>>> Subject: PassSync only working one way >>>> Date: Tue, 13 Jun 2006 15:08:03 -0700 >>>> MIME-Version: 1.0 >>>> Received: from hormel.redhat.com ([209.132.177.30]) by >>>> bay0-mc4-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); >>>> Tue, 13 Jun 2006 15:08:15 -0700 >>>> Received: from listman.util.phx.redhat.com >>>> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >>>> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 >>>> (EDT) >>>> Received: from int-mx1.corp.redhat.com >>>> (int-mx1.corp.redhat.com[172.16.52.254])by >>>> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >>>> idk5DM8BEP021980for >>>> <fedora-directory-users at listman.util.phx.redhat.com>;Tue, 13 Jun >>>> 2006 18:08:11 -0400 >>>> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >>>> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>> idk5DM8B7P010237for <fedora-directory-users at redhat.com>; Tue, 13 >>>> Jun 2006 18:08:11 -0400 >>>> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >>>> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>> idk5DM8ATa017845for <fedora-directory-users at redhat.com>; Tue, 13 >>>> Jun 2006 18:08:10 -0400 >>>> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >>>> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >>>> <fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 -0700 >>>> (PDT) >>>> Received: from [131.243.161.186] (charlie.lbl.gov >>>> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >>>> k5DM82oT029426for <fedora-directory-users at redhat.com>;Tue, 13 Jun >>>> 2006 15:08:03 -0700 (PDT) >>>> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI= >>>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >>>> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >>>> X-Virus-Status: Clean >>>> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users at redhat.com >>>> X-BeenThere: fedora-directory-users at redhat.com >>>> X-Mailman-Version: 2.1.5 >>>> Precedence: junk >>>> List-Id: "General discussion list for the Fedora Directory server >>>> project."<fedora-directory-users.redhat.com> >>>> List-Unsubscribe: >>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=unsubscribe> >>>> >>>> List-Archive: <https://www.redhat.com/archives/fedora-directory-users> >>>> List-Post: <mailto:fedora-directory-users at redhat.com> >>>> List-Help: >>>> <mailto:fedora-directory-users-request at redhat.com?subject=help> >>>> List-Subscribe: >>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=subscribe> >>>> >>>> Errors-To: fedora-directory-users-bounces at redhat.com >>>> Return-Path: fedora-directory-users-bounces at redhat.com >>>> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >>>> FILETIME=[DEE3D670:01C68F35] >>>> >>>> I thought that I had the PassSync working until I ran into this >>>> problem: >>>> >>>> Passwords are not synchronized from FDS to AD. When accounts are >>>> added to FDS, they do show up in AD ( Although sometimes the cn >>>> attribute gets base64 encoded ), but I cannot authenticate to AD. >>>> When I change passwords in the FDS side, they are not changed ( or >>>> not sent ) to AD. If I change passwords in AD, they are changed in >>>> the FDS. >>>> >>>> The logs show that something is happening (changed host names and >>>> dn's) >>>> >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): No linger to cancel on the connection >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >>>> windows_acquire_replica returned success (101) >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): State: ready_to_acquire_replica -> sending_updates >>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>> (agmt="cn=AD" (ad:636)): Consumer RUV: >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>> 448f363d03d400010000 448f363d >>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>> (agmt="cn=AD" (ad:636)): Supplier RUV: >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>> 448f363d03d700010000 448f363d >>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session start: >>>> anchorcsn=448f363d03d400010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >>>> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >>>> position set for replay >>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >>>> csn=448f363d03d600010000 >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): windows_replay_update: Looking at modify operation local >>>> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>> (ad:636): windows_replay_update: Processing modify operation local >>>> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >>>> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >>>> >>>> >>>> I'm not sure what is going on, I can talk via SSL from FDS to AD, >>>> and I'm assuming that the PassSync service is working properly >>>> since the changes from AD to FDS work. >>>> >>>> Any suggestions? >>>> >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> _________________________________________________________________ >>> Express yourself instantly with MSN Messenger! Download today it's >>> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >