[389-users] Pass Sync Doesn't Work

Chandrasekar Kannan ckannan at redhat.com
Wed Sep 9 15:11:02 UTC 2009 

On 09/09/2009 06:59 AM, Doug Tucker wrote:
> On Tue, 2009-09-08 at 16:08 -0700, Chandrasekar Kannan wrote:
>    
>> On 09/08/2009 01:04 PM, Morris, Patrick wrote:
>>      
>>> On Tue, 08 Sep 2009, Doug Tucker wrote:
>>>
>>>
>>>        
>>>>
>>>>          
>>>>>> OK!  The logging was a tremendous help to at least seeing where the
>>>>>> failure is.  When the password change is made on the PDC, passync DOES
>>>>>> catch it and replicate to 389.  However, if the password change occurs
>>>>>> on the BDC, even though we see the change replicated to the PDC, passync
>>>>>> is NOT catching it and replicating to 389.  Does anyone have any ideas?
>>>>>>
>>>>>>
>>>>>>              
>>>>> I believe The Password Sync Service must be installed on every Active
>>>>> Directory domain controller.
>>>>>
>>>>>            
>>>> It appeared that way for no other reason than it wasn't working, but I
>>>> can't find anything in the documentation to indicate that, and someone
>>>> else that responded indicated he sees the change after the BDC
>>>> replicates it to the PDC.  Was just hoping for some official word that
>>>> states that this must be done.
>>>>
>>>>          
>>> I'm not seeing anything in the docs either,
>>>        
>> which docs are you referring to ? Have a url ?.
>>
>>      
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync.html
>    
updated url
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html#Windows_Sync-About_Windows_Sync

has a reference to that ...

"The Password Sync Service must be installed on every Active
Directory domain controller"

hope that helps...


> This is what I have been using for how to set this up.  I cannot find
> any reference to the need to install passync on all of the controllers
> in the domain, it only references the primary.  And according to our
> windows guy here, MS changed terminology, but there is definitely a
> primary and then the others are bdc's.
>
> I agreed that from just a thinking perspective it would have to be done,
> but then someone in this thread earlier indicated that changes made to
> his bdc were synced to 389 after it replicated to the pdc, which kinda
> left me in limbo that I may still have something wrong, and before I
> have the windows guy start installing it everywhere, I wanted to hear
> from someone truly "in the know" of what needed to be done.
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

More information about the Fedora-directory-users mailing list