[389-users] 389 AD password sync no longer works after upgrade from fds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
  Recently we've upgraded our fds servers (1.1.3) to 389 (1.2.2).  Doing
so seems to have broken password sync from 389 to Active Directory.  All
other attributes are passing fine and passync from AD to 389 is working.
The AD machine has not been updated since before the upgrade of 389, at
which time the sync still worked.

No error occurs in the log, but the sync takes 10 minutes before timing
out and claiming success.  After turning on more logging, the error log
reports:

"AD already has the current password for <CN>. Not sending password
modify to AD."

I brought this up on IRC the other day and got a response that this is
most likely bug:
https://bugzilla.redhat.com/show_bug.cgi?id=537956

(I think thats the bug, bugzilla is down for maintenance at the time of
this email)

Today I went and re-installed a new server and put fedora-ds on by
excluding the 389* packages.  I imported my directory and enabled
windows sync on this system.  The password sync works fine from this new
system.

Has anyone run into a similar issue?
Is there a way to downgrade after upgrading to 389?
Could the issue have anything to do with the name of the service (i.e.
changing a config parameter that windows sync uses from fedora-ds- to
389-)?
Could this still be the same bug as listed above, or should I open a new
one?


All fds/389 systems are centos 5.4

Packages on Working sync:

fedora-ds-console-1.2.0-1.fc6
fedora-ds-base-1.2.0-2.fc6
fedora-ds-dsgw-1.1.2-1.fc6
fedora-ds-admin-1.1.7-3.fc6
fedora-ds-1.1.3-1.fc6
fedora-ds-admin-console-1.1.3-1.fc6


Packages Non-working sync:

389-ds-console-1.2.0-4.el5
389-admin-1.1.8-4.el5
389-console-1.1.3-3.el5
389-ds-console-doc-1.2.0-4.el5
389-ds-1.1.3-4.el5
389-admin-console-1.1.4-1.el5
389-admin-console-doc-1.1.4-1.el5
389-adminutil-1.1.8-3.el5
389-ds-base-1.2.2-1.el5
389-dsgw-1.1.4-1.el5







IMPORTANT: 
This transmission is sent on behalf of Knouse Foods ? for business
purposes.  It is for the intended recipient only.  If you are not the intended
recipient or a person responsible for delivering this transmission to
the intended recipient, you may not disclose, copy or distribute this
transmission or take any action in reliance on it.  If you received this
transmission in error, please notify us immediately by replying to this
Email message, and please dispose of and delete this transmission.
Thank you.
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux