Ad Sync Error - Sizelimit Exceeded

[clicerioneto]

Hi,

The following error messages:

Code: [Select]

2010/03/03 14:55:24 DEBUG> ebox-ad-sync:82 main:: - [ad-sync] Adding new group Usuários do depurador
2010/03/03 14:55:24 DEBUG> UsersAndGroups.pm:1377 EBox::UsersAndGroups::addGroup - Invalid value for group name: Usuários do depurador.
2010/03/03 14:55:24 WARN> ebox-ad-sync:86 main::__ANON__ - [ad-sync] Error adding group 'Usuários do depurador'.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:82 main:: - [ad-sync] Adding new group Windows Authorization Access Group
2010/03/03 14:55:24 DEBUG> UsersAndGroups.pm:1365 EBox::UsersAndGroups::addGroup - Groupname must not be longer than 32 characters
2010/03/03 14:55:24 WARN> ebox-ad-sync:86 main::__ANON__ - [ad-sync] Error adding group 'Windows Authorization Access Group'.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:82 main:: - [ad-sync] Adding new group Pre-Windows 2000 Compatible Access
2010/03/03 14:55:24 DEBUG> UsersAndGroups.pm:1365 EBox::UsersAndGroups::addGroup - Groupname must not be longer than 32 characters
2010/03/03 14:55:24 WARN> ebox-ad-sync:86 main::__ANON__ - [ad-sync] Error adding group 'Pre-Windows 2000 Compatible Access'.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-1-0,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:82 main:: - [ad-sync] Adding new group P&D
2010/03/03 14:55:24 DEBUG> UsersAndGroups.pm:1377 EBox::UsersAndGroups::addGroup - Invalid value for group name: P&D.
2010/03/03 14:55:24 WARN> ebox-ad-sync:86 main::__ANON__ - [ad-sync] Error adding group 'P&D'.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:94 main::__ANON__ - [ad-sync] Adding user paulo.castro to new group P&D
2010/03/03 14:55:24 DEBUG> UsersAndGroups.pm:1726 EBox::UsersAndGroups::addUserToGroup - group name P&D does not exist.
2010/03/03 14:55:24 WARN> ebox-ad-sync:97 main::__ANON__ - [ad-sync] can't add user  to group P&D.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for alex.lima.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for jose.neto.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for junior.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for joaoitalo.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for keully.aquino.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.

The ebox has some limitation as to disabled users in AD? I noticed that these users, who are in error, users are disabled.

Code: [Select]

2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for diego.tavares.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for ricardo.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for jorge.barreto.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for delfran.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for diego.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for danielsousa.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=Domain Admins,CN=Users,DC=brasilecodiesel.
2010/03/03 14:55:24 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=Enterprise Admins,CN=Users,DC=brasilecodiesel.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=Domain Users,CN=Users,DC=brasilecodiesel.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=brasilecodiesel.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for robertofc.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for ulda.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for junior.
2010/03/03 14:55:25 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=Domain Guests,CN=Users,DC=brasilecodiesel.


Code: [Select]

2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for robertofc.
2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for ulda.
2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for junior.
2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for CN=Domain Guests,CN=Users,DC=brasilecodiesel.
2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for junior.
2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for ana.cristina.
2010/03/03 15:00:26 DEBUG> ebox-ad-sync:303 main::getPrincipalName - [ad-sync] can't get userPrincipalName for felipe.gaspar.
2010/03/03 15:00:31 DEBUG> ebox-pwdsync-server:63 main:: - [ad-pwdsync] connection from 192.168.0.8
2010/03/03 15:00:31 DEBUG> ebox-pwdsync-server:92 main::handleRequest - [ad-pwdsync] handleRequest() called
2010/03/03 15:00:31 DEBUG> ebox-pwdsync-server:110 main::handleRequest - [ad-pwdsync] received encoded data: NVdHn6KB3IdrzgmJlyFG9G6McZK1ZJs7FR+kphY+r3M=
2010/03/03 15:00:31 DEBUG> ebox-pwdsync-server:122 main::handleRequest - [ad-pwdsync] username = ©¼w´F+Ó9¶ã}
2010/03/03 15:00:31 DEBUG> UsersAndGroups.pm:979 EBox::UsersAndGroups::modifyUserLocal - user name ©¼w´F+Ó9¶ã} does not exist.
2010/03/03 15:00:31 DEBUG> ebox-pwdsync-server:75 main:: - [ad-pwdsync] error updating password
2010/03/03 15:01:01 DEBUG> ebox-pwdsync-server:63 main:: - [ad-pwdsync] connection from 192.168.0.8
2010/03/03 15:01:01 DEBUG> ebox-pwdsync-server:92 main::handleRequest - [ad-pwdsync] handleRequest() called
2010/03/03 15:01:01 DEBUG> ebox-pwdsync-server:110 main::handleRequest - [ad-pwdsync] received encoded data: NVdHn6KB3IdrzgmJlyFG9G6McZK1ZJs7FR+kphY+r3M=
2010/03/03 15:01:01 DEBUG> ebox-pwdsync-server:122 main::handleRequest - [ad-pwdsync] username = ©¼w´F+Ó9¶ã}
2010/03/03 15:01:01 DEBUG> UsersAndGroups.pm:979 EBox::UsersAndGroups::modifyUserLocal - user name ©¼w´F+Ó9¶ã} does not exist.
2010/03/03 15:01:01 DEBUG> ebox-pwdsync-server:75 main:: - [ad-pwdsync] error updating password


[J. A. Calvo]

Please, check if the "secret key" shared between eBox and Windows (the one that has to be 16 characters) is correctly typed in both places. Your log shows an error decoding the crypted data, so probably the key is wrong.

Don't worry about the disabled users, they are only "warnings", not errors.

[technema]

I have this error when i launch ebox-pwdsync-server :

wrong key length: key must be 128, 192 or 256 bits long at ./ebox-pwdsync-server line 53, <DATA> line 228.

I have checked and the key is the same on ebox and windows

Obviously, i don't see any "ad-pwdsync" in my log

[J. A. Calvo]

You have to enter a key of 16 characters (exactly 16) in the Users and groups -> AD Sync Settings, and also the same key in the secret key field of the Windows configuration application provided by the ebox-adsync-installer.

https://trac.ebox-platform.com/wiki/Document/Documentation/EBoxActiveDirectorySync

[technema]

You have to enter a key of 16 characters (exactly 16) in the Users and groups -> AD Sync Settings, and also the same key in the secret key field of the Windows configuration application provided by the ebox-adsync-installer.

https://trac.ebox-platform.com/wiki/Document/Documentation/EBoxActiveDirectorySync

I have already done, many times ... and always the same issue

[J. A. Calvo]

Then I don't understand how you get this:

wrong key length: key must be 128, 192 or 256 bits long at ./ebox-pwdsync-server line 53, <DATA> line 228.

A example of valid key is: qwertyuiop123456

Maybe yours has any relevant difference like strange characters?

I forgot to mention that maybe you have also to restart the service in your Windows server.

[technema]

Then I don't understand how you get this:

wrong key length: key must be 128, 192 or 256 bits long at ./ebox-pwdsync-server line 53, <DATA> line 228.

A example of valid key is: qwertyuiop123456

Maybe yours has any relevant difference like strange characters?

I forgot to mention that maybe you have also to restart the service in your Windows server.

Ok, i have changed my key with differents characters, and no issue now. Thx

Now i have got this :

[ad-pwdsync] Unable to create socket

I check this and keeping you in touch

[J. A. Calvo]

Ok, that probably means that the process is already running, if you want to launch it manually, first you have to stop it with "stop ebox.ad-pwdsync", if this is not enough, check with ps aux|grep pwdsync that there is no process alive.

[Ajeris]

I join problemma I also go error "ebox-ad-sync: 303 main:: getPrincipalName - [ad-sync] can't get userPrincipalName for CN = ASU, CN = Users, DC = turgai" Your advice to the Secret key is not help

[pedemesa]

Ok, the problema with the "[ad-pwdsync] Unable to create socket" I understand... Thanks!

But, I still have a problem with authentication, I don't see any "[ad-pwdsync]"...
My key is a valid key "1234567890123456" (only test). I already "stop ebox.ad-pwdsync" and run manually. Windows Server 2008R2 already restarted...

Anybody have a idea?
Modify message