UnicodePwd has to be little-endian unicode and with quotes around it. You can do something like... echo \"Secret12\" > pass.txt iconv -t UNICODELITTLE -o unicodepass.txt pass.txt And then base64 encode unicodepass.txt and use the result for unicodePwd value. I got the details from http://support.microsoft.com/?kbid=269190 originally. Ulf Jeff Gamsby wrote: > Correct. It was not enabled when I first installed and configured > PassSync. I tried to use ldapmodify to change the password, but that > didn't work either. > > To use ldapmodify, do I change UnicodePwd? > > How do I generate UnicodePwd? > > dn: cn=user,cn=users,dc=ad,dc=server,dc=com > changetype: modify > replace: unicodepwd > unicodepwd: > > Thanks > Jeff > > > Nathan Kinder wrote: > >> Jeff Gamsby wrote: >> >>> >>> Thanks for responding. >>> I have windows 2000, the default password policy is disabled by >>> default, but I did turn it on to see if that was the problem and >>> also tried more complex passwords when testing. Nothing has worked >>> so far. I'm not even sure if there is any other tests that I can do, >>> I've turned up the logging, but it still doesn't give me any clues >>> as to what is going on. >> >> Are you saying that you enabled Active Directorys password complexity >> option? I'm pretty sure that is required for passwords to sync from >> FDS -> AD. You could also attempt to use ldapmodify against AD to >> remotely change a users password over SSL as a test. >> >> It sounds like everything with the PassSync service is fine since >> passwords are working from AD -> FDS. >> >> -NGK >> >>> >>> Thanks, >>> Jeff >>> >>> nattapon viroonsri wrote: >>> >>>> >>>> When i add user or change password at fds side , it stuck with >>>> windows (2003) default password policy. >>>> So i have to chage to more strict password or disable policy at ads , >>>> then fds sync with ads completely.( can log on to ads with same >>>> password as fds user) >>>> >>>> im not sure this is same case as you. >>>> >>>> Regards, >>>> Nattapon >>>> >>>> >>>>> From: Jeff Gamsby <JFGamsby at lbl.gov> >>>>> Reply-To: "General discussion list for the Fedora Directory server >>>>> project." <fedora-directory-users at redhat.com> >>>>> To: "General discussion list for the Fedora Directory server >>>>> project." <fedora-directory-users at redhat.com> >>>>> Subject: PassSync only working one way >>>>> Date: Tue, 13 Jun 2006 15:08:03 -0700 >>>>> MIME-Version: 1.0 >>>>> Received: from hormel.redhat.com ([209.132.177.30]) by >>>>> bay0-mc4-f5.bay0.hotmail.com with Microsoft >>>>> SMTPSVC(6.0.3790.2444); Tue, 13 Jun 2006 15:08:15 -0700 >>>>> Received: from listman.util.phx.redhat.com >>>>> (listman.util.phx.redhat.com [10.8.4.110])by hormel.redhat.com >>>>> (Postfix) with ESMTPid 7DA3A73550; Tue, 13 Jun 2006 18:08:12 -0400 >>>>> (EDT) >>>>> Received: from int-mx1.corp.redhat.com >>>>> (int-mx1.corp.redhat.com[172.16.52.254])by >>>>> listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP >>>>> idk5DM8BEP021980for >>>>> <fedora-directory-users at listman.util.phx.redhat.com>;Tue, 13 Jun >>>>> 2006 18:08:11 -0400 >>>>> Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31])by >>>>> int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>>> idk5DM8B7P010237for <fedora-directory-users at redhat.com>; Tue, 13 >>>>> Jun 2006 18:08:11 -0400 >>>>> Received: from mta1.lbl.gov (mta1.lbl.gov [128.3.41.24])by >>>>> mx1.redhat.com (8.12.11.20060308/8.12.11) with ESMTP >>>>> idk5DM8ATa017845for <fedora-directory-users at redhat.com>; Tue, 13 >>>>> Jun 2006 18:08:10 -0400 >>>>> Received: from mta1.lbl.gov (localhost [127.0.0.1])by mta1.lbl.gov >>>>> (8.13.6/8.13.6) with ESMTP id k5DM83Do029430for >>>>> <fedora-directory-users at redhat.com>;Tue, 13 Jun 2006 15:08:03 >>>>> -0700 (PDT) >>>>> Received: from [131.243.161.186] (charlie.lbl.gov >>>>> [131.243.161.186])by mta1.lbl.gov (8.13.6/8.13.6) with ESMTP id >>>>> k5DM82oT029426for <fedora-directory-users at redhat.com>;Tue, 13 Jun >>>>> 2006 15:08:03 -0700 (PDT) >>>>> X-Message-Info: LsUYwwHHNt1YGVdsJHk9XJ3CjXqSQnQhAaTm5/PIsXI= >>>>> User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) >>>>> X-Virus-Scanned: ClamAV 0.88.2/1538/Tue Jun 13 13:17:56 2006 on mta1 >>>>> X-Virus-Status: Clean >>>>> X-RedHat-Spam-Score: 0 X-loop: fedora-directory-users at redhat.com >>>>> X-BeenThere: fedora-directory-users at redhat.com >>>>> X-Mailman-Version: 2.1.5 >>>>> Precedence: junk >>>>> List-Id: "General discussion list for the Fedora Directory server >>>>> project."<fedora-directory-users.redhat.com> >>>>> List-Unsubscribe: >>>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=unsubscribe> >>>>> >>>>> List-Archive: >>>>> <https://www.redhat.com/archives/fedora-directory-users> >>>>> List-Post: <mailto:fedora-directory-users at redhat.com> >>>>> List-Help: >>>>> <mailto:fedora-directory-users-request at redhat.com?subject=help> >>>>> List-Subscribe: >>>>> <https://www.redhat.com/mailman/listinfo/fedora-directory-users>,<mailto:fedora-directory-users-request at redhat.com?subject=subscribe> >>>>> >>>>> Errors-To: fedora-directory-users-bounces at redhat.com >>>>> Return-Path: fedora-directory-users-bounces at redhat.com >>>>> X-OriginalArrivalTime: 13 Jun 2006 22:08:16.0215 (UTC) >>>>> FILETIME=[DEE3D670:01C68F35] >>>>> >>>>> I thought that I had the PassSync working until I ran into this >>>>> problem: >>>>> >>>>> Passwords are not synchronized from FDS to AD. When accounts are >>>>> added to FDS, they do show up in AD ( Although sometimes the cn >>>>> attribute gets base64 encoded ), but I cannot authenticate to AD. >>>>> When I change passwords in the FDS side, they are not changed ( or >>>>> not sent ) to AD. If I change passwords in AD, they are changed in >>>>> the FDS. >>>>> >>>>> The logs show that something is happening (changed host names and >>>>> dn's) >>>>> >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): No linger to cancel on the connection >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - >>>>> windows_acquire_replica returned success (101) >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): State: ready_to_acquire_replica -> sending_updates >>>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>>> (agmt="cn=AD" (ad:636)): Consumer RUV: >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>>> 448f363d03d400010000 448f363d >>>>> [13/Jun/2006:15:03:41 -0700] - _cl5PositionCursorForReplay >>>>> (agmt="cn=AD" (ad:636)): Supplier RUV: >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replicageneration} 448f18ae000000010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): {replica 1 ldap://fds:389} 448f18e4000100010000 >>>>> 448f363d03d700010000 448f363d >>>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - session >>>>> start: anchorcsn=448f363d03d400010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - changelog >>>>> program - agmt="cn=AD" (ad:636): CSN 448f363d03d400010000 found, >>>>> position set for replay >>>>> [13/Jun/2006:15:03:41 -0700] agmt="cn=AD" (ad:636) - load=1 rec=1 >>>>> csn=448f363d03d600010000 >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): windows_replay_update: Looking at modify operation local >>>>> dn="uid=user,ou=people,dc=server,dc=,dc=" (ours,user,not group) >>>>> [13/Jun/2006:15:03:41 -0700] NSMMReplicationPlugin - agmt="cn=AD" >>>>> (ad:636): windows_replay_update: Processing modify operation local >>>>> dn="uid=user,ou=people,dc=server,dc=,dc=" remote >>>>> dn="<GUID=16f869dcfdde3d42bcb075fd4a1c7980>" >>>>> >>>>> >>>>> I'm not sure what is going on, I can talk via SSL from FDS to AD, >>>>> and I'm assuming that the PassSync service is working properly >>>>> since the changes from AD to FDS work. >>>>> >>>>> Any suggestions? >>>>> >>>>> >>>>> -- >>>>> Fedora-directory-users mailing list >>>>> Fedora-directory-users at redhat.com >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> _________________________________________________________________ >>>> Express yourself instantly with MSN Messenger! Download today it's >>>> FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ >>>> >>>> -- >>>> Fedora-directory-users mailing list >>>> Fedora-directory-users at redhat.com >>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
