
not really a 6.5 question more identity man


terry712

running a 2003 sp1 domain and also want to sync to netware 6.5 edir 8.7.3.5

identity manager 2.

if we change the pwd in console1 or through ad then it's fine, but from a client it doesn't sync the pwds

the clients are xp sp2 - members of the domain and a zen 7 agent pointing to a middle tier.

on the 2003 dc we set the dstrace log to 5.
in event log i am getting the following in the pwd sync event log

driver NOT synchronising with the domain controller
and then when we change from the client we get -
the password synchronisation for user sccobydoo failed. the error code is in the data

in the dstrace we are seeing - adddckey domain controller server.doo.local is not in list
trying to add server.doo.local to list

in the control panel on 2003 dc we have added permissions to reg key of filter key and the pwd sync says it is installed but if we click on setup nothing happens

should we be setting something in here or am i on the wrong track or any ideas
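The event log and dstrace messages quoted above are the signal a defender would watch for. The following is an added example (not from the thread or from Novell/IDM) that parses lines modelled on those messages and summarises which DCs and users are affected; the sample lines, user names and the "PassSync:"/"DSTRACE:" prefixes are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the pwd sync event log and dstrace
# messages quoted in the thread. Not real captures; prefixes are assumed.
SAMPLE_LOG = """\
PassSync: driver NOT synchronising with the domain controller
PassSync: the password synchronisation for user scoobydoo failed. the error code is in the data
DSTRACE: adddckey domain controller server.doo.local is not in list
DSTRACE: trying to add server.doo.local to list
PassSync: the password synchronisation for user shaggy failed. the error code is in the data
PassSync: the password synchronisation for user velma succeeded
"""

# Accept both UK and US spellings in case the message text varies by build.
DRIVER_DOWN = re.compile(r"driver NOT synchroni[sz]ing with the domain controller", re.I)
USER_FAILED = re.compile(r"password synchroni[sz]ation for user (\S+) failed", re.I)
DC_NOT_LISTED = re.compile(r"adddckey domain controller (\S+) is not in list", re.I)


def summarise_passsync(text):
    """Return a dict describing sync health from event-log/dstrace lines."""
    summary = {"driver_down": False, "failed_users": [], "unlisted_dcs": []}
    for line in text.splitlines():
        if DRIVER_DOWN.search(line):
            summary["driver_down"] = True
        m = USER_FAILED.search(line)
        if m:
            summary["failed_users"].append(m.group(1))
        m = DC_NOT_LISTED.search(line)
        if m and m.group(1) not in summary["unlisted_dcs"]:
            summary["unlisted_dcs"].append(m.group(1))
    return summary


def passsync_alerts(summary):
    """Turn the summary into actionable alert strings for an operator."""
    alerts = []
    if summary["driver_down"]:
        alerts.append("driver not synchronising: check the password sync tool "
                      "shows 'running' on every DC, not just 'installed'")
    for dc in summary["unlisted_dcs"]:
        alerts.append(f"{dc} not in the driver's DC list: the filter on that "
                      "DC is not registered with the driver")
    if summary["failed_users"]:
        alerts.append(f"{len(summary['failed_users'])} password change(s) not "
                      f"propagated to eDirectory: {summary['failed_users']}")
    return alerts


if __name__ == "__main__":
    for alert in passsync_alerts(summarise_passsync(SAMPLE_LOG)):
        print(alert)
```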
 
Do you have the password sync tool installed on all of your domain controllers?

The interface is really goofy.. my opinion is that it's really clunky. You really have to work with it to get what you want.

Marvin Huffaker, MCNE
 
i only have it on one
there are 2 dc's in the domain
don't want to touch the other one

password sync tool - should you get something after running the setup ?
 
the box is saying installed
i think this should say running?
 
Yeah it needs to say running. But with it on only one Domain controller, you're not going to be able to capture the password before it gets encrypted if users authenticate to the DC that doesn't have it running.


Marvin Huffaker, MCNE
 
ok - irrespective that it would be desirable to update the other dc (problem with this is it runs an app - i only have access to it 3am - 4am)

i assume it should still say running?
any idea how to kick it

the 2003 dc doesn't need a client anymore?
 
ok, previously i was struggling to get the pwd sync to change from installed to running. it is now doing this - it wanted the full distinguished name and then it started to run.
it's on both now as well, except i still need to reboot one

i still seem to have sync problems though.

what we actually want to do is.

we have some users in an AD setup and they have an nds account as well. on their pc's, which are xp sp2 with no firewall, we have joined them to the domain and then they have a zen 7 client which authenticates via a middle tier. we have the dirxml service on a netware box and the remote loader is on a dc in the ad - it's a patched idm 2.01 we are using.

what we basically want is when they are prompted to change the AD password - it then changes the edir one as well.

what actually changes the password - i assume that the client is irrelevant and the pwd filter on the AD box captures the password and then squirts it to the edir?
 
Make sure Universal Password is configured and enabled, then ensure the clients that log into both NetWare and Windowz have the NMAS client installed.

Kinda blowz how Novell did this, in DirXML1.1, NMAS would screw things up, in 2.0x, NMAS is needed to make things work.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Brent Schmidt Certified nut case [hippy]
Senior Network Engineer
Keep IT Simple
 
i thought that the client was irrelevant and that the pwdfilter was capturing the sync at the dc and then syncing with drivers

what i have just now is if i cx the pwd in console1 - it syncs both. cx in aduc and it doesn't sync.

cx on client and still no sync

i think i need to verify universal pwd is working - is there a simple check on this - it's vague and confusing with simple.

can i see this with a dstrace or anything - or dsbrowse

i also think the attribute matching may be an issue
 
what is aduc?

If you do not have the NWClient installed, then your process flow is correct; when you put the NWClient in place, however, then NMAS is the method desired by the system. To put it simply, Novell can sync their password with anyone else with the Universal password. This is because the hash is reversible, unlike the NDS password, which does not have a reversible hash.

To do a quick check? There is an eDirectory attribute called nspmPolicyDN that is placed on objects in eDirectory. Use a tool like DS Report Generator to find this info.

You can see the DirXML activity in DStrace; it can give you an idea of what's going on. Be sure to set your trace level to 3 to see the desired info.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Brent Schmidt Certified nut case [hippy]
Senior Network Engineer
Keep IT Simple
 