On 02/24/2015 03:38 PM, Daniel Franciscus wrote:
So I finally figured out the problem in case anyone ever comes across this again.

In order for a password filter to register and to actually capture password changes on a server, the filename of the DLL must be in this key: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages". After searching the entire registry on both of my domain controllers for the string "passhook" I saw that the one that was working had passhook in this key and the one that was not working did not. This key is set during installation of passsync, so for whatever reason the passsync installation on the non-working DC was not able to add that value. I added the value manually, rebooted and it works.

Just thought you should know in case you ever see this again.

Thanks again for your help though, it pointed me in the direction I needed.
Hello Daniel,

Thank you so much for your investigation and sharing the result with us. Yes, 'passhook' is supposed to be set in the registry, but somehow it was not... I'm going to add your finding to the FAQ/troubleshooting on our wiki port389.org.
PassSync.wxs
<RegistryKey Id='NotPkgs' Root='HKLM' Key='SYSTEM\ControlSet001\Control\Lsa' ForceCreateOnInstall='yes' >
    <RegistryValue Name='Notification Packages' Type='multiString' Value='passhook'/>
</RegistryKey>

Thanks!
--noriko



Dan Franciscus

Systems Administrator

Information Technology Group

Institute for Advanced Study

609-734-8138



------------------------------------------------------------------------
*From: *"Noriko Hosoi" <[email protected]>
*To: *[email protected]
*Sent: *Wednesday, February 18, 2015 2:01:41 PM
*Subject: *Re: [389-users] Passsync not changing passwords

On 02/18/2015 05:17 AM, Daniel Franciscus wrote:

    Hello,

    We have two Windows server 2003 domain controllers and I installed
    passsync on both servers in order to sync password changes to our
    389 LDAP. On one domain controller, it appears passsync is working
    correctly as I can see in the passsync.log when I change a
    password through that domain controller. On the other domain
    controller, when I change a password I do not see any activity in
    the passsync.log at all. I have passsync on both domain
    controllers set to verbose logging. I also restarted both domain
    controllers after installing passsync.

    On the domain controller that is not syncing passwords the log
    appears as:

    02/18/15 07:52:59: PassSync service initialized
    02/18/15 07:52:59: PassSync service running
    02/18/15 07:52:59: No entries yet
    02/18/15 07:52:59: Password list is empty.  Waiting for passhook event

    Does anyone have an idea of what the issue could be?

What is the version of PassSync?  The latest is 1.1.6.
http://www.port389.org/docs/389ds/releases/release-passsync-1-1-6.html

Did you have a chance to enable passhook log?

In the regedit, go to: HKEY_LOCAL_MACHINE --> SOFTWARE\PasswordSync
then, set 1 to Log Level.

If you add or modify a password on the Windows Server 2003 domain controller, what do you get? Any errors?



    Dan Franciscus

    Systems Administrator

    Information Technology Group

    Institute for Advanced Study

    609-734-8138





    --
    389 users mailing list
    [email protected]
    https://admin.fedoraproject.org/mailman/listinfo/389-users
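
Added example, not part of the original thread and not PassSync's own code: a Python check that parses the text printed by reg query for the Lsa key and reports whether passhook is listed in Notification Packages, the condition found missing on the non-working DC. It also maps the Select key's Current value to a ControlSetNNN name, because the installer fragment quoted above writes under ControlSet001 while the finding names CurrentControlSet; the sample outputs and the scecli entry are constructed.

```python
import re

# Constructed sample of: reg query <Lsa key> /v "Notification Packages"
# The scecli entry is illustrative; only passhook comes from the thread.
WORKING_DC = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Notification Packages    REG_MULTI_SZ    scecli\0passhook
"""
# Constructed variant with tab-separated columns and trailing empty strings,
# to show that the parser tolerates both layouts.
BROKEN_DC = "\n".join([
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
    "\tNotification Packages\tREG_MULTI_SZ\t" + r"scecli\0\0",
])
# Constructed sample of: reg query HKLM\SYSTEM\Select /v Current
SELECT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x2
"""


def multi_sz(reg_output, name="Notification Packages"):
    """Strings of a REG_MULTI_SZ value in reg query output, or None if absent."""
    pattern = r"^[ \t]*" + re.escape(name) + r"[ \t]+REG_MULTI_SZ[ \t]*(.*)$"
    m = re.search(pattern, reg_output, re.I | re.M)
    if m is None:
        return None
    # reg.exe prints the strings of a multi-string joined by a literal \0
    return [s for s in m.group(1).strip().split(r"\0") if s]


def is_registered(reg_output, package="passhook"):
    """True when the package name is listed (compared case-insensitively)."""
    names = multi_sz(reg_output) or []
    return package.lower() in (n.lower() for n in names)


def active_control_set(select_output):
    """Name of the ControlSetNNN key that CurrentControlSet resolves to."""
    m = re.search(r"^[ \t]*Current[ \t]+REG_DWORD[ \t]+0x([0-9a-fA-F]+)",
                  select_output, re.M)
    return "ControlSet%03d" % int(m.group(1), 16) if m else None


if __name__ == "__main__":
    for label, out in (("working DC", WORKING_DC), ("non-working DC", BROKEN_DC)):
        state = "registered" if is_registered(out) else "MISSING"
        print(label, multi_sz(out), "passhook", state)
    print("CurrentControlSet ->", active_control_set(SELECT))
```

Feed it the text that reg query prints on each domain controller; in the thread, the manually added value took effect after a reboot.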


