June 2007 - 389-users - Fedora Mailing-Lists

[Fedora-directory-users] PassSync and PAM Question

by Sean Everson

All, I have successfully set up FDS1.04 on Centos4.4, with passSync-20060330.msi on Windows 2003 Server by following the directions in the docs + howtos. All traffic is running successfully over SSL in both directions. I am able to change my password on windows and login on Linux successfully. I am able to change my password on Linux via ldappasswd or via the Directory Console successfully. However, when I try to change my password via the standard passwd command on a linux client the update causes an endless loop of replication attempts. It would appear that the passwd command is using crypt to store the password in the directory. My questions are: 1) Is my understanding correct, that in order for passSync to work the password encryption policy on the subtree used in the sync agreement has to be set to "No encryption - CLEAR" Are there any other settings that would work? 2) I have experimented with "pam_password exo" and "pam_password clear" in /etc/ldap.conf, but crypt seems to be used regardless of the settings in this file for hashing the password locally before sending it to the directory server. This causes an endless replication loop. Does anyone have an example of an ldap.conf file that works with passSync and allows the standard passwd command to work for password changes? Thanks! --Sean Sean Everson IT Manager Netronome Systems, Inc. sean.everson(a)netronome.com

16 years, 10 months

1
0
0 / 0

[Fedora-directory-users] FreeRadius schema for Fedora Directory Server

by Raj Seenivasan

Is there some schema files that comes with fedora directory server to integrate with FreeRadius? If not can someone point me to the schema files that can used? Thanks in advance.

16 years, 10 months

2
1
0 / 0

[Fedora-directory-users] Replication over SSL with simple authentication

by Reinhard Nappert

Hi, I SSL-enabled two Directory Servers and I can access them over LDAPS using ldapsearch and other clients. I enabled both servers with the steps from the setupssl script. However, when I to set replication up, I get: [15/Jun/2007:13:32:56 -0400] conn=6057 op=-1 fd=69 closed - SSL peer cannot verify your certificate. I did import the CA cert (self-signed) to the other server, both ways, since I want to have multi-mastering. By the way, I checked the serial numbers of the certs and they are not identical. Does anyone have an idea why the replication fails. Thanks, -Reinhard

16 years, 10 months

2
2
0 / 0

[Fedora-directory-users] Constraint Violation at Logon

by Aaron Cline

Hello: I've emailed this to the list before but I didn't get an answer so I'm bringing this up again with a little bit more information. This problem seems to happen sporadically. I'm using Fedora DS 1.0.3 on the server. My client system in this case is a RHEL 3 WS box. When the user tries to login, the system will not accept his password. This doesn't happen all the time though and I haven't yet figured out how to "make" it happen. Here are the log messages on the client: Jun 20 17:12:57 low-tcw-104 sshd[14328]: pam_ldap: error trying to bind as user "uid=fallonma,ou=ISG,ou=Lowell,ou=People,dc=pii-dmz,dc=ext" (Constraint violation) I found some messages on the server side in the "errors" file that coincide with this user but the login attempt happens about 12 minutes after the error messages. The error messages on the server are: [20/Jun/2007:17:00:07 +0000] NSMMReplicationPlugin - agmt="cn=PII-DMZ TechOps" (low-mgt-100:389): windows_replay_update: failed to fetch local entry for modify operation dn="uid=fallonma,ou=isg,ou=lowell,ou=people,dc=pii-dmz,dc=ext" [20/Jun/2007:17:00:07 +0000] NSMMReplicationPlugin - agmt="cn=PII-DMZ IVRS" (low-mgt-100:389): windows_replay_update: failed to fetch local entry for modify operation dn="uid=fallonma,ou=isg,ou=lowell,ou=people,dc=pii-dmz,dc=ext" [20/Jun/2007:17:00:13 +0000] NSMMReplicationPlugin - agmt="cn=PII-DMZ IVRS" (low-mgt-100:389): windows_replay_update: failed to fetch local entry for modify operation dn="uid=fallonma,ou=isg,ou=lowell,ou=people,dc=pii-dmz,dc=ext" [20/Jun/2007:17:00:13 +0000] NSMMReplicationPlugin - agmt="cn=PII-DMZ TechOps" (low-mgt-100:389): windows_replay_update: failed to fetch local entry for modify operation dn="uid=fallonma,ou=isg,ou=lowell,ou=people,dc=pii-dmz,dc=ext" [20/Jun/2007:17:00:22 +0000] NSMMReplicationPlugin - agmt="cn=PII-DMZ IVRS" (low-mgt-100:389): windows_replay_update: failed to fetch local entry for modify operation dn="uid=fallonma,ou=isg,ou=lowell,ou=people,dc=pii-dmz,dc=ext" [20/Jun/2007:17:00:22 +0000] NSMMReplicationPlugin - agmt="cn=PII-DMZ TechOps" (low-mgt-100:389): windows_replay_update: failed to fetch local entry for modify operation dn="uid=fallonma,ou=isg,ou=lowell,ou=people,dc=pii-dmz,dc=ext" Is access to this user's information somehow locked at this point? Is the replication doing something to the account? Thanks for any info. Aaron

16 years, 10 months

1
0
0 / 0

[Fedora-directory-users] problems w/ admin server, local.conf

by MJD Shop Account

I've set up a few FDS 1.0.4 servers now and have problems every time getting certain things right with the admin server. I run into problems using either the console or just ldif file (which I prefer, for scripting). Here's the typical problem: when I try to set nsAdminAccessHosts, I use an ldif file. I can see the new value is set in the operational attributes, but it doesn't always make it into /opt/fedora-ds/admin-server/config/local.conf. The admin server logs indicate it is using the old values. I looked at file permissions, on one server I had owner:group as ldap:root, another has root:root, a third had ldap:ldap. That one was not getting updated, I changed it to root:root and restarted things and that seemed to update local.conf. Now I'm building a new server and it's not updating. I get this error in the admin server error log: [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache. This was similar to the server I fixed, but I already have root:root permissions on that file. I went and looked at the server that originally had root:root, and while it has been functioning OK, it too doesn't have the correctly updated values for nsAdminAccessHosts in local.conf and shows the same error in its logs from awhile back (March). So, I tried, for a test, setting the owner:group to ldap:root. When I did this and restarted admin server, I got this error: [error] server reached MaxClients setting, consider raising the MaxClients setting This on a server that should not have anyone connected to the admin server... So I set it back to root:root and had neither error on restarting (but the attribute value is still wrong). On all servers, there is an httpd process under ldap user id and two under root user id (one of the two of the two root processes is the parent to the other root and to the ldap process). Sometime ago I tried to find out what triggers the re-writing of local.conf, as Richard said it was best to use the console for updating these values, where some magic makes it do that. Richard suggested looking in the logs to see what was happening, but I found no clues there. If anyone has one... Maybe the permissions need to match the method; would it be different running a root script at the command prompt vs. using the java console from a windows machine and connecting as the cn=dirmgr user? Thanks, MJD

16 years, 10 months

3
2
0 / 0

[Fedora-directory-users] Installing using yum, admin server & automatic uid

by Andreas Kekkou

Hi, We are in the process of migrating our NIS to FDS. We've been experimenting with FDS 1.0.4 for some time now and we managed to sync it with AD and have our *nix clients authenticating using TLS. Last week I installed FDS on Fedora 7 using yum. We have the base server functioning but it seems too hard to maintain it without the admin server. Does anybody knows if I can get the admin server using cvs? And something else, how we take advantage of automatic uid? I'm creating accounts using Softerra's LDAP Administrator. I've created a custom template and set uid to optional but when I'm trying to create an account I getting an error message. Andreas

16 years, 10 months

2
2
0 / 0

[Fedora-directory-users] admin server ssl setup

by MJD Shop Account

I'm trying to set up the admin console to be accessible w/ SSL (https). I have the right certificates set up and the main FDS is SSL enabled. I'm running FDS 1.0.4. I usually get a problem when I open up the admin console, click on the Configuration tab, click on the Encryption tab in that window, then try to check the enable ssl box. It gives me some error and doesn't save it. I had an idea which I tried and I think it worked (or it was just coincidence). Instead of clicking on the Configuration tab, I clicked the 'Configure Admin Server' task in the Task tab. This opened a separate configuration window which otherwise looks the same as before. But, this time I was successful in saving the change. I still had a problem with the NSSNickname being set to 'blank' in the console.conf file (under /opt/fedora-ds/admin-serv/config); I edited that manually. This seems to happen if you try and fail to save the SSL changes, after that the certificate list always comes up empty. And I also manually edit nss.conf to point to a file for the certificate-store PIN for automatic startup. So, should the two methods of opening the configuration window have different effects? Thanks, MJD

16 years, 10 months

1
0
0 / 0

RE: [Fedora-directory-users] Winsync and "New Windows User Sync" and "New Windows Group Sync"

by Ivan Ferreira

I found the problem. I was delegating the administration of the replicated OU in Windows 20003. This is not enough to enable "DirSync". The Windows replication Account must have "Replicating Directory Changes" permissions. Directory Server documentation ======================== During normal operation, all the updates made to entries in the Directory Server that need to be sent to the Windows Server are generated via the changelog. However, when the server is initially configured or after major changes to its content, it is necessary to initiate a re-synchronization process. For re-synchronization, the entire contents of synchronized subtree in the Directory Server is examined and, if necessary, sent to the Windows Server. This is done without using the changelog. Inbound changes, that is changes to entries in the Windows Server, are found by using Active Directory's `Dirsync' search feature. Because there is no changelog to use, it is necessary to issue the Dirsync search periodically. The default interval is five minutes. Microsoft documentation ================== Although the DirSync control is powerful and efficient, it has two limitations. The first limitation is that the control must run by using a user account that has the Replicating Directory Changes permission on the domain naming context. By default, the Administrator user account has this permission. However, we do not recommend that you use the Administrator account to run your DirSync control program. Instead, we recommend that the Replicating Directory Changes permission be granted to a typical user account or group. Therefore, you can configure permissions that are specific and limited to the DirSync control program. http://support.microsoft.com/?scid=kb%3Ben-us%3B891995&x=16&y=16 ======================================================================================== AVISO LEGAL: Esta información es privada y confidencial y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha información por favor elimine el mensaje. La distribución o copia de este mensaje está estrictamente prohibida. Esta comunicación es sólo para propósitos de información y no debe ser considerada como propuesta, aceptación ni como una declaración de voluntad oficial de NUCLEO S.A. La transmisión de e-mails no garantiza que el correo electrónico sea seguro o libre de error. Por consiguiente, no manifestamos que esta información sea completa o precisa. Toda información está sujeta a alterarse sin previo aviso. This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from NUCLEO S.A. . Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.

16 years, 10 months

1
0
0 / 0

RE: [Fedora-directory-users] Need Help - FDS 1.0.4 - Admin Console - Details Inside - Thanks

by Sphenis cidae

After some tests, I discovered that the problem occurs after I turned on ldap authentication. Maybe I've to populate the ldap before I turn on authentication. I go learn some more. The long path of a newbie... >I have fedora directory server 1.0.4 running and I can access it from a windows workstation using softerra ldap >administrator, but when i try using the fedora admi console from the server i get the following error:>"cannot logon because of an incorrect User ID, Incorrect password or Directory problem. >java.io.InterruptedIOException: HTTP response timeout">In /opt/fedora-ds/admin-serv/logs/error i have:>child pid 2768 exit signal segmentation fault (11)>child pid 2769 exit signal segmentation fault (11)>...>child pid 3360 exit signal segmentation fault (11)>I'm asking for a big help here. I'm just a newbie trying very hard to learn.>Thanks, and I hope someday I'll be able to help you too. _________________________________________________________________ Comunicação sem fronteiras - converse agora também com os amigos que tem no Yahoo!. http://get.live.com/pt-pt/messenger/overview

16 years, 10 months

1
0
0 / 0

[Fedora-directory-users] Winsync and "New Windows User Sync" and "New Windows Group Sync"

by Ivan Ferreira

Hello all. I sucessfully installed Fedora Directory Server 1.0.4-1.RHEL4 on RHEL4U5. Also PassSync-20060330.msi was installed and configured in the Windows 2003 Domain Controller. SSL connection is working. Password synchronization works if the user exists on both Directories, but new users and groups are not created. I have enabled the "New Windows User Sync" and "New Windows Group Sync" checkboxes, but nothing happens in the logs when I create a new user or group. Debug is enabled in DS and PassSync. PassSync log: 06/15/07 19:11:41: There are no entries that match: juancitoperez 06/15/07 19:11:41: Deferring password change for juancitoperez 06/15/07 19:11:41: Backing off for 2048000ms Directory Server log: [15/Jun/2007:19:44:25 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): State: wait_for_changes -> wait_for_changes [15/Jun/2007:19:44:25 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): State: wait_for_changes -> wait_for_changes [15/Jun/2007:19:44:25 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): No linger to cancel on the connection [15/Jun/2007:19:44:25 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Disconnected from the consumer [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): windows_inc_stop: protocol stopped after 1 seconds [15/Jun/2007:19:44:26 -0400] - acquire_replica, supplier RUV: [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replicageneration} 46707261000000030000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replica 3 ldap://infra1.sis.personal.net.py:389} 46714c54000000030000 46730709000100030000 00000000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replica 4 ldap://infra2.sis.personal.net.py:389} [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replica 1 ldap://infra1.sis.personal.net.py:389} 4673124f000000010000 46731f00000000010000 46731f01 [15/Jun/2007:19:44:26 -0400] - acquire_replica, consumer RUV: [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replicageneration} 46707261000000030000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replica 3 ldap://infra1.sis.personal.net.py:389} 46714c54000000030000 46730709000100030000 00000000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replica 4 ldap://infra2.sis.personal.net.py:389} [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replica 1 ldap://infra1.sis.personal.net.py:389} 4673124f000000010000 467316d4000000010000 00000000 [15/Jun/2007:19:44:26 -0400] - acquire_replica, supplier RUV is newer [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Trying secure slapi_ldap_init [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): binddn = cn=SSOSync,ou=Service accounts,ou=Usuarios,dc=personal,dc=com,dc=py, passwd = {DES}T4FVTMFnERrR8F1Io6In7Q== [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): No linger to cancel on the connection [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=AD-FDS" (asusis-dc:636)". [15/Jun/2007:19:44:26 -0400] - Sending dirsync search request [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): windows_process_total_entry: Looking dn="uid=pgimenez,ou=SSO,dc=sis,dc=personal,dc=net,dc=py" (ours) [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): map_entry_dn_outbound: failed to fetch entry from AD: dn="uid=pgimenez,ou=SSO,dc=sis,dc=personal,dc=net,dc=py", err=-1 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): windows_replay_update: failed map dn for total update dn="uid=pgimenez,ou=SSO,dc=sis,dc=personal,dc=net,dc=py" [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Beginning linger on the connection [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): windows_tot_run: failed to obtain data to send to the consumer; LDAP error - -1 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): No linger to cancel on the connection [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Disconnected from the consumer [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): State: start -> ready_to_acquire_replica [15/Jun/2007:19:44:26 -0400] - acquire_replica, supplier RUV: [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replicageneration} 46707261000000030000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replica 3 ldap://infra1.sis.personal.net.py:389} 46714c54000000030000 46730709000100030000 00000000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replica 4 ldap://infra2.sis.personal.net.py:389} [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - supplier: {replica 1 ldap://infra1.sis.personal.net.py:389} 4673124f000000010000 46731f00000000010000 46731f01 [15/Jun/2007:19:44:26 -0400] - acquire_replica, consumer RUV: [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replicageneration} 46707261000000030000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replica 3 ldap://infra1.sis.personal.net.py:389} 46714c54000000030000 46730709000100030000 00000000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replica 4 ldap://infra2.sis.personal.net.py:389} [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - consumer: {replica 1 ldap://infra1.sis.personal.net.py:389} 4673124f000000010000 467316d4000000010000 00000000 [15/Jun/2007:19:44:26 -0400] - acquire_replica, supplier RUV is newer [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Trying secure slapi_ldap_init [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): binddn = cn=SSOSync,ou=Service accounts,ou=Usuarios,dc=personal,dc=com,dc=py, passwd = {DES}T4FVTMFnERrR8F1Io6In7Q== [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): No linger to cancel on the connection [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - windows_acquire_replica returned success (101) [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): State: ready_to_acquire_replica -> sending_updates [15/Jun/2007:19:44:26 -0400] - _cl5PositionCursorForReplay (agmt="cn=AD-FDS" (asusis-dc:636)): Consumer RUV: [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replicageneration} 46707261000000030000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replica 3 ldap://infra1.sis.personal.net.py:389} 46714c54000000030000 46730709000100030000 00000000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replica 4 ldap://infra2.sis.personal.net.py:389} [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replica 1 ldap://infra1.sis.personal.net.py:389} 4673124f000000010000 467316d4000000010000 00000000 [15/Jun/2007:19:44:26 -0400] - _cl5PositionCursorForReplay (agmt="cn=AD-FDS" (asusis-dc:636)): Supplier RUV: [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replicageneration} 46707261000000030000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replica 3 ldap://infra1.sis.personal.net.py:389} 46714c54000000030000 46730709000100030000 00000000 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replica 4 ldap://infra2.sis.personal.net.py:389} [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): {replica 1 ldap://infra1.sis.personal.net.py:389} 4673124f000000010000 46731f00000000010000 46731f01 [15/Jun/2007:19:44:26 -0400] agmt="cn=AD-FDS" (asusis-dc:636) - session start: anchorcsn=467316d4000000010000 [15/Jun/2007:19:44:26 -0400] agmt="cn=AD-FDS" (asusis-dc:636) - Can't locate CSN 467316d4000000010000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized. [15/Jun/2007:19:44:26 -0400] agmt="cn=AD-FDS" (asusis-dc:636) - clcache_load_buffer: rc=-30990 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - changelog program - agmt="cn=AD-FDS" (asusis-dc:636): CSN 467316d4000000010000 found, position set for replay [15/Jun/2007:19:44:26 -0400] agmt="cn=AD-FDS" (asusis-dc:636) - clcache_load_buffer: rc=-30990 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): No more updates to send (cl5GetNextOperationToReplay) [15/Jun/2007:19:44:26 -0400] agmt="cn=AD-FDS" (asusis-dc:636) - session end: state=0 load=0 sent=0 skipped=0 [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Beginning linger on the connection [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): State: sending_updates -> wait_for_changes [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Linger timeout has expired on the connection [15/Jun/2007:19:44:26 -0400] NSMMReplicationPlugin - agmt="cn=AD-FDS" (asusis-dc:636): Disconnected from the consumer This is when I create a new account in AD [15/Jun/2007:19:58:55 -0400] conn=29 fd=73 slot=73 SSL connection from 10.129.4.176 to 172.20.0.1 [15/Jun/2007:19:58:55 -0400] conn=29 SSL 128-bit RC4 [15/Jun/2007:19:58:55 -0400] conn=29 op=0 BIND dn="cn=sync manager,cn=config" method=128 version=2 [15/Jun/2007:19:58:55 -0400] conn=29 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=sync manager,cn=config" [15/Jun/2007:19:58:55 -0400] conn=29 op=1 SRCH base="ou=sso,dc=sis,dc=personal,dc=net,dc=py" scope=2 filter="(ntUserDomainId=pepelin)" attrs=ALL [15/Jun/2007:19:58:55 -0400] conn=29 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [15/Jun/2007:19:58:55 -0400] conn=29 op=2 UNBIND [15/Jun/2007:19:58:55 -0400] conn=29 op=2 fd=73 closed - U1 [15/Jun/2007:19:59:00 -0400] conn=13 op=24 SRCH base="ou=SSO,dc=sis,dc=personal,dc=net,dc=py" scope=1 filter="(objectClass=*)" attrs="objectClass" [15/Jun/2007:19:59:00 -0400] conn=13 op=24 RESULT err=0 tag=101 nentries=1 etime=0 [15/Jun/2007:19:59:01 -0400] conn=13 op=26 SRCH base="ou=sudoers,dc=sis,dc=personal,dc=net,dc=py" scope=0 filter="(objectClass=*)" attrs=ALL [15/Jun/2007:19:59:01 -0400] conn=13 op=26 RESULT err=0 tag=101 nentries=1 etime=0 [15/Jun/2007:19:59:01 -0400] conn=13 op=27 SRCH base="ou=SSO,dc=sis,dc=personal,dc=net,dc=py" scope=0 filter="(objectClass=*)" attrs=ALL [15/Jun/2007:19:59:01 -0400] conn=13 op=27 RESULT err=0 tag=101 nentries=1 etime=0 [15/Jun/2007:19:59:01 -0400] conn=13 op=28 SRCH base="ou=SSO,dc=sis,dc=personal,dc=net,dc=py" scope=1 filter="(objectClass=*)" attrs="objectClass" [15/Jun/2007:19:59:01 -0400] conn=13 op=28 RESULT err=0 tag=101 nentries=1 etime=0 [15/Jun/2007:19:59:03 -0400] conn=13 op=29 SRCH base="ou=SSO,dc=sis,dc=personal,dc=net,dc=py" scope=1 filter="(objectClass=*)" attrs="objectClass" [15/Jun/2007:19:59:03 -0400] conn=13 op=29 RESULT err=0 tag=101 nentries=1 etime=0 [15/Jun/2007:19:59:11 -0400] conn=30 fd=73 slot=73 SSL connection from 10.129.4.176 to 172.20.0.1 [15/Jun/2007:19:59:11 -0400] conn=30 SSL 128-bit RC4 [15/Jun/2007:19:59:11 -0400] conn=30 op=0 BIND dn="cn=sync manager,cn=config" method=128 version=2 [15/Jun/2007:19:59:11 -0400] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=sync manager,cn=config" [15/Jun/2007:19:59:11 -0400] conn=30 op=1 SRCH base="ou=sso,dc=sis,dc=personal,dc=net,dc=py" scope=2 filter="(ntUserDomainId=pepelin)" attrs=ALL [15/Jun/2007:19:59:11 -0400] conn=30 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [15/Jun/2007:19:59:11 -0400] conn=30 op=2 UNBIND [15/Jun/2007:19:59:11 -0400] conn=30 op=2 fd=73 closed - U1 And PassSync: 06/15/07 19:58:44: Password list has 1 entries 06/15/07 19:58:44: Attempting to sync password for pepelin 06/15/07 19:58:44: Searching for (ntuserdomainid=pepelin) 06/15/07 19:58:44: There are no entries that match: pepelin 06/15/07 19:58:44: Deferring password change for pepelin 06/15/07 19:58:44: Backing off for 4000ms 06/15/07 19:58:48: Backoff time expired. Attempting sync 06/15/07 19:58:48: Password list has 1 entries 06/15/07 19:58:48: Attempting to sync password for pepelin 06/15/07 19:58:48: Searching for (ntuserdomainid=pepelin) 06/15/07 19:58:48: There are no entries that match: pepelin 06/15/07 19:58:48: Deferring password change for pepelin 06/15/07 19:58:48: Backing off for 8000ms 06/15/07 19:58:56: Backoff time expired. Attempting sync 06/15/07 19:58:56: Password list has 1 entries 06/15/07 19:58:56: Attempting to sync password for pepelin 06/15/07 19:58:56: Searching for (ntuserdomainid=pepelin) 06/15/07 19:58:56: There are no entries that match: pepelin 06/15/07 19:58:56: Deferring password change for pepelin 06/15/07 19:58:56: Backing off for 16000ms 06/15/07 19:59:12: Backoff time expired. Attempting sync 06/15/07 19:59:12: Password list has 1 entries 06/15/07 19:59:12: Attempting to sync password for pepelin 06/15/07 19:59:12: Searching for (ntuserdomainid=pepelin) 06/15/07 19:59:12: There are no entries that match: pepelin 06/15/07 19:59:12: Deferring password change for pepelin 06/15/07 19:59:12: Backing off for 32000ms 06/15/07 19:59:44: Backoff time expired. Attempting sync 06/15/07 19:59:44: Password list has 1 entries 06/15/07 19:59:44: Attempting to sync password for pepelin 06/15/07 19:59:44: Searching for (ntuserdomainid=pepelin) 06/15/07 19:59:44: There are no entries that match: pepelin 06/15/07 19:59:44: Deferring password change for pepelin 06/15/07 19:59:44: Backing off for 64000ms I don't see any attempt to create the accounts. What could be the problem? ======================================================================================== AVISO LEGAL: Esta información es privada y confidencial y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y por este medio pudo acceder a dicha información por favor elimine el mensaje. La distribución o copia de este mensaje está estrictamente prohibida. Esta comunicación es sólo para propósitos de información y no debe ser considerada como propuesta, aceptación ni como una declaración de voluntad oficial de NUCLEO S.A. La transmisión de e-mails no garantiza que el correo electrónico sea seguro o libre de error. Por consiguiente, no manifestamos que esta información sea completa o precisa. Toda información está sujeta a alterarse sin previo aviso. This information is private and confidential and intended for the recipient only. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and shall not be regarded neither as a proposal, acceptance nor as a statement of will or official statement from NUCLEO S.A. . Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.

16 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users June 2007