Anonymous_User Absent Member.
Absent Member.
187 views

Re: how to set the password synchronization?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good question. Post the engine and RL traces, preferably from all sides
at once but at least from the 'Common AD' setup, to see what happens
when you create a user. Knowing more about your Universal Password (UP)
password policy may also be ueful. With the RL trace in the Common AD
environment be sure it is set to level five, though engine traces can be
left at level three. Post the traces somewhere like SUSE Paste (
http://paste.opensuse.org/ ) for review and provide the links here in
your response.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP/XjcAAoJEF+XTK08PnB5F2kQAJ6nbxTVdt5zbeL/AYsTFm26
jHsJ14CJ6ob6GxydGKa5B6sfvs11cJQM8elJaESfZoj+c/a7bMdvLWNPB8vGLAs1
DKgkoiJiXjzxjUSyfNUsUM1490rm7UDKhtu+zp8NqoNXp3MGRLt/vkSDTyHbRnyW
N7CUEEritVypZOLCVNp7CNBQ1PeotuF8pbVl3G3F5y46MPvs71xdz/eUT3IgTiYo
t8ekfTFPuEX+oLTTLPXbplOyvXHDCWIPwUSF3fYeIEezAEaLlmDIqPMAPtXu2Rc7
Ow2gLr6QUrUdk5cvmWNRIaSWKfG/3FbAODTAHddhGoDwWSUt9PEKmcA/u45lfhmb
HqDIouz3yuYAuqVQaiYB2XNmGmqvjfspB/McN3g5rkxW9BJgkJoQj/UhXx0tgvKV
Y7mIMewr7W7aEq76LCcB2Htq8Z2irhBwQ0M3KBfc19ugu+241WytPtSrJC/7yVWi
GW7Rk+MVnms+urIxQjlwXpqRHSOoVV3sQqsY3oDlndJ8Sf3zKPpsHo0/HiuqBY/s
9L0nVFnRxFzA+4+NbLEDgLbQwyJN1LGcTVD4FxwCjMHZUbgU8zsERQifBToiVhkI
TDG/4u+Za9QCU1lAzUj9fyxxHz3aJAFjdenQCfgvtKC8JGuSPIMiFlJUL8cTBW4F
0T7aQRAsJ4UUQf0sSMVe
=b0hZ
-----END PGP SIGNATURE-----
Labels (1)
0 Likes
5 Replies
Anonymous_User Absent Member.
Absent Member.

Re: how to set the password synchronization?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This definitely tried, and something even succeeded. We need the engine
side's trace (written from the driver config object directly to its own
file) of the same (or a new test) operation to see what happened over
there. Just what's new... not all 774 MB of old stuff (by the way...
don't let that fill your disk or you'll be upset).

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP/q+GAAoJEF+XTK08PnB5YoYQAJQ8IzuozGyzJuai9GtODegN
hwBlzjvVQeP1S5u8PunvkYi/IHh89f+QksJkFCxfLGRmX8ryDVwFcLn8o1Lzzn7K
PGWRZgrDBf+gsugTbxsRma1RmTH2R/4NpKj8RtFe0qSSUPLC2Mtm7ATC/ZCtxwi7
6OyVPLtLDmT/r6fGn+CryTfRpKlhcW2cOosaIfmWEHH7Ic7Q+VQEHAwuLbDmcdXQ
Jx/tcK7sISPXNL1QJqWzogtVKUvNo/lOZpW+tdLPiokPggCg8ehvpWMyK7xZf1d0
qjPQXDe/0UF/U3OhjCcDxQ+EeofKxQyoNBzbl2uVpWhtIPxXaII5c46vIf4e6Zxe
eh7lp19DoxAftE9O1TlWUHJ2qVuUzlMGRmcOydhHS2REBjtbojlHfF+srerAPlhc
Gq5milhYk8ROwrZRr9/B0LvyJc4+leKW5YKPf/HpacY+nxpty2XSSwx4VzHMyEyk
ztM+q5SUKkHurq7ONh2+nvHAicGdSNlKAGJHye/LY/hbMapEC+17pxwuJIKn7vSs
oe/6L3f2+ZsmYilKkkjpu+jOOQB5RPaHzBUiiEcLAqAP/6pd7Pju9kNlMksiXdLA
suy+8K9o0yxua7F7QHqdLWX4KtrQV6AIZDVhmo84Pzmz/qQkC9FUk5R2MwzanvJ8
1+hrYg7l5rO2V8KU76Rd
=aAyE
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: how to set the password synchronization?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://paste.opensuse.org/

Post the link that the site gets you after you upload your logs there.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQAACIAAoJEF+XTK08PnB5NpMP/i/R6C9SHPUBuEW34VWmk89j
L1PyVQmBZii/yNQsevfSk4yoJtDrSXVvniLfsdagAPYVT56vXW5s6kpYaIWEza98
GnfNnqJtKPja79c9nLgHX5ER3L4hU5vJgju93Ylz7PcyMWCgzn8Krf0RftuX0q/s
nzBTmhu6uIxQJzQnUU2XSWKZcExzs8g7ZyH6VKtGTyGhebeLzmB/6LjiRfCyS5Zd
CuTkdkx5Rfawov8QF7HDv7UXMr0QmTHgAXad51thU6lF/eL6NYeZAy7iy1H3fefH
aV6zs3QDYnRCZd8+HIteSZY2yCyZPjD2NgxKsDJYP2BPUKT0O4AVS/IbepoLdYyg
lFm7btQVGBHy2FDsbNktkvCnUS0OECUK5hMzc/4Tyrb9EE/W4tzlzBGsybhU3m/1
G6n1QptLt/cvD6LRRH78fn28Td4cNhP8FDPPYCue++ezok99Wi2GBovYDm3cOdxw
KFtt/5bhjOMvvUkQA8fLZLIQnDn2QZWf+djO/Fxp6qC0B0IPUEAKMXdeNUut2pT8
96Dq/UacIswrd2P0jVk7HPZIX36TooQOmphsAH4uQJgoksqWSPM2N19+CBpz6Iz0
u7P2UrAF+IEDdb05Rd8gaS4dhuJCzQ215dMeOBpH8mN4glBJsciMijbqcUtHF7aT
krdGxNt5O0Ioh5ODFB7l
=x3Z1
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: how to set the password synchronization?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Agnes,

Try to do it in smaller chunks perhaps? It sounds like it's too big
currently.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQA/WdAAoJEF+XTK08PnB5H+cQALK/ucbsTkuX54Nq/IZgheZD
VPrQDUUNuuhZKasnVk3a9WBv3Ucq4QVlI4mZIqhw3ccndS//BUgK6On6xu7cT8M3
RIrk5GkRmgfP7ONGLouBuzZNYkpreS0Hfl9LaK1u5F/r677wpTfIcCYfHiX5pEm1
HR5VzRoeXA0Y+jY+hwUbTRdFe0h9AQAlVSfS7Gul7PRLAtVq/0lbd9YCmS3aa0p+
objq57F8BondGToCR4jkpnENzZp0/Pklj2yUuRXhf61IVyhW4PmGVmKZyYGsmMsJ
UjUsC0Rb6USUQkmDAn2bfpqeb/PiI1xqbEVG4RXY/PFA4HZjIUPrYz/M4+OndExf
CHUWWfFRmWWnnfY4VHJcL7TXidK+yglzRzKvELuSdzZPZVbWmq0kbS9hhwVgd+nL
OW0Ir2KZ4FODCp+3YGS7jcPe6FqtWCTKmhx2CZ6Pd7q2SNLkjVTSw5uhZGK4QnME
sF0SupNARBZbm6pmWNVw21j2/yxX1LfrA4+PDE/vbxBwcXVKH8TjBKgemHBCnhg8
yJjqM74UzznfkVkUZn3U/NzTmGQERUD5NwbKjslWJO4S1BbD/8KL5Jk4IfkPduER
fDuS8DRZ3b2WL60LAsheOc4SQXbiIhHWU6hwRtrJ9XLD59QgVOAzHgzb1zdPBPGl
gxqftetJQSI5fgnVBGbC
=DzPk
-----END PGP SIGNATURE-----
0 Likes
Knowledge Partner
Knowledge Partner

Re: how to set the password synchronization?

On Mon, 16 Jul 2012 02:16:01 +0000, ayeungied wrote:

> I've tried serveral times to upload to 'SUSE Paste'
> (http://paste.opensuse.org/) , but still got the following errors:-


Maybe pastebin.org would be a workable answer for you?

--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Knowledge Partner
Knowledge Partner

Re: how to set the password synchronization?

On Thu, 12 Jul 2012 09:16:01 +0000, ayeungied wrote:

> After I created account from the common AD, I tried to logon from
> iManager, I got the following error msg.
>
> (Error -669) An invalid password was used, authentication failed, one
> server tried to synchronize with another one but the target server's
> database was locked, or a problem exists with the remote ID or public
> key.


Ok, so I don't see a problem here, or at least not the one I think you're
looking for. Looking at the trace of the <add> event, it comes down the
Publisher channel without a password, so when it gets to the Create Rule,
a default password is established for the object in eDirectory. That
happens here:


[07/13/12 10:56:39.963]:ComADToNDSgc2 PT: Evaluating selection
criteria for rule 'set user default password'.
[07/13/12 10:56:39.964]:ComADToNDSgc2 PT: (if-class-name equal
"User") = TRUE.

[07/13/12 10:56:39.964]:ComADToNDSgc2 PT: (if-password not-
available) = TRUE.

[07/13/12 10:56:39.964]:ComADToNDSgc2 PT: (if-op-attr 'Surname'
available) = TRUE.

[07/13/12 10:56:39.964]:ComADToNDSgc2 PT: Rule selected.

[07/13/12 10:56:39.964]:ComADToNDSgc2 PT: Applying rule 'set user
default password'.

[07/13/12 10:56:39.965]:ComADToNDSgc2 PT: Action: do-set-dest-
password("-- suppressed --").

[07/13/12 10:56:39.965]:ComADToNDSgc2 PT: arg-string("--
suppressed --")

[07/13/12 10:56:39.965]:ComADToNDSgc2 PT: token-text("--
suppressed --")

[07/13/12 10:56:39.965]:ComADToNDSgc2 PT: Arg Value: "--
suppressed --".


in your trace.

So, when the <add> is complete, and you try to log in to eDirectory, you
get a -669 (wrong password) error, because the password on this object is
whatever that policy created as a default.

Now, ideally, what you should see next is a <modify> or a <modify-
password> event on the Publisher channel, as the object in Active
Directory is updated with a password. That, then, would set the correct
password in eDirectory.

But...


> I've set the Password Filter tool comes with IDM in the ADs , I even set
> the common ad to sync password with the application ad in the password
> filter interface. But now help.


I think the problem here is likely that you don't have the password
filters installed and configured on all domain controllers in your
domain. That would keep the MAD password change from being captured. So,
let's look there next. Go to the DC where you have the driver shim
running, start the password sync control panel thing, and see what it
says.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.