On 02/24/2015 03:38 PM, Daniel Franciscus wrote:
So I finally figured out the problem in case anyone ever comes across this again.

In order for a password filter to register and to actually capture password changes on a server, the filename of the DLL must be in this key: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages". After searching the entire registry on both of my domain controllers for the string "passhook" I saw that the one that was working had passhook in this key and the one that was not working did not. This key is set during installation of passsync, so for whatever reason the passsync installation on the non-working DC was not able to add that value. I added the value manually, rebooted and it works.

Just thought you should know in case you ever see this again.

Thanks again for your help though, it pointed me in the direction I needed.

Hello Daniel,
Thank you so much for your investigation and sharing the result with
us. Yes, 'passhook' is supposed to be set in the registry, but
somehow it was not... I'm going to add your finding to the
FAQ/troubleshooting on our wiki port389.org.
PassSync.wxs
    <RegistryKey Id='NotPkgs' Root='HKLM'
                 Key='SYSTEM\ControlSet001\Control\Lsa' ForceCreateOnInstall='yes'>
      <RegistryValue Name='Notification Packages'
                     Type='multiString' Value='passhook'/>
    </RegistryKey>
Thanks!
--noriko
Dan Franciscus
Systems Administrator
Information Technology Group
Institute for Advanced Study
609-734-8138
From: "Noriko Hosoi" <nhosoi@xxxxxxxxxx>
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, February 18, 2015 2:01:41 PM
Subject: Re: Passsync not changing passwords

On 02/18/2015 05:17 AM, Daniel Franciscus wrote:
Hello,

We have two Windows Server 2003 domain controllers and I installed passsync on both servers in order to sync password changes to our 389 LDAP. On one domain controller, it appears passsync is working correctly as I can see in the passsync.log when I change a password through that domain controller. On the other domain controller, when I change a password I do not see any activity in the passsync.log at all. I have passsync on both domain controllers set to verbose logging. I also restarted both domain controllers after installing passsync.

On the domain controller that is not syncing passwords the log appears as:

02/18/15 07:52:59: PassSync service initialized
02/18/15 07:52:59: PassSync service running
02/18/15 07:52:59: No entries yet
02/18/15 07:52:59: Password list is empty. Waiting for passhook event

Does anyone have an idea of what the issue could be?

What is the version of PassSync? The latest is 1.1.6.
http://www.port389.org/docs/389ds/releases/release-passsync-1-1-6.html
Did you have a chance to enable passhook log?
In the regedit, go to: HKEY_LOCAL_MACHINE --> SOFTWARE\PasswordSync
then, set 1 to Log Level.
If you add or modify a password on the Windows Server 2003 domain controller, what do you get? Any errors?

Dan Franciscus
Systems Administrator
Information Technology Group
Institute for Advanced Study
609-734-8138
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
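
The registry check discussed in this thread, as an added example that is not part of the original messages or of the 389 project's code. It reads the "Notification Packages" value under both the CurrentControlSet path named in Daniel's message and the ControlSet001 path in the quoted PassSync.wxs fragment, and reports whether 'passhook' is registered in the control set that is actually active. It assumes PowerShell is installed on the domain controller (Windows Server 2003 does not ship with it); the variable names are illustrative.

```powershell
# Added example: audit the LSA "Notification Packages" list on a domain controller.
# 'passhook' and the two registry paths come from the thread; all variable names
# are illustrative and not part of PassSync.
$expected = 'passhook'

# CurrentControlSet is a link to the ControlSetNNN selected by HKLM\SYSTEM\Select\Current,
# so a value written only to ControlSet001 is not guaranteed to be the one LSA reads.
$current   = (Get-ItemProperty -Path 'HKLM:\SYSTEM\Select').Current
$activeSet = 'ControlSet{0:D3}' -f $current

$report = foreach ($set in @('CurrentControlSet', 'ControlSet001')) {
    $path = "HKLM:\SYSTEM\$set\Control\Lsa"
    $pkgs = @()
    if (Test-Path $path) {
        $prop = Get-ItemProperty -Path $path -Name 'Notification Packages' `
                                 -ErrorAction SilentlyContinue
        # REG_MULTI_SZ comes back as a string array; drop empty entries.
        if ($prop) { $pkgs = @($prop.'Notification Packages' | Where-Object { $_ }) }
    }
    New-Object PSObject -Property @{
        ControlSet  = $set
        IsActive    = ($set -eq 'CurrentControlSet' -or $set -eq $activeSet)
        HasPasshook = ($pkgs -contains $expected)   # -contains is case-insensitive
        Packages    = ($pkgs -join ', ')
    }
}

$report | Format-Table ControlSet, IsActive, HasPasshook, Packages -AutoSize

$active = $report | Where-Object { $_.ControlSet -eq 'CurrentControlSet' }
if (-not $active.HasPasshook) {
    Write-Warning ("'$expected' is missing from Notification Packages in the active " +
                   "control set ($activeSet); no password changes will reach PassSync.")
}

# Every DLL named in this value is loaded by LSA and is handed new passwords in
# clear text, so compare the list across domain controllers and review any entry
# that is not expected there.
Write-Output "Review each package listed for the active set: $($active.Packages)"
```

Running this on each domain controller and comparing the Packages column shows the difference Daniel found by searching the registry. A change to the value takes effect only after a reboot, as in his fix.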