Topic
  • 4 replies
  • Latest Post - ‏2014-09-10T12:15:06Z by baba1414
baba1414
baba1414
7 Posts

Pinned topic Password Sync Plugins for Windows

‏2014-08-01T09:31:43Z |

Hello,

I am working on Password Sync Plug-in for Windows, where i want to catch ADLDS passwords.

I installed and do some POC but don't know where is it going, No password notification received.

**** Here Query_Plugin logs

INFO:  7136: Fri Aug 01 04:37:26 2014: : Executing the 'query_plugin' command.
INFO:  7136: Fri Aug 01 04:37:26 2014: : The plugin is loaded: the binary 'C:\Windows\system32\tdipwflt_64.dll' is locked.
INFO:  7136: Fri Aug 01 04:37:26 2014: : The last initialization of the plugin was successful.
INFO:  7136: Fri Aug 01 04:37:26 2014: : The plugin is enabled.
INFO:  7136: Fri Aug 01 04:37:26 2014: : The plugin is intercepting passwords.
INFO:  7136: Fri Aug 01 04:37:26 2014: : Done.

**** Proxy Logs

[8/1/14, 4:36 AM] {LogStore}     INFO:   CTGDKN301I Initializing the Password Store class...
[8/1/14, 4:36 AM] {LogStore}     INFO:   CTGDKN302I Initializing method received the object: 'com.ibm.di.plugin.log.PWSyncLog@6db5a947'.
[8/1/14, 4:36 AM] {Proxy}        INFO:   CTGDKN010I The authentication folder is: 'F:\Program Files\IBM\TDI\V7.2\pwd_plugins\windows'.
[8/1/14, 4:37 AM] {ProxyAuth}    INFO:   CTGDKN056I Received correct password from client.
[8/1/14, 4:37 AM] {ProxyAuth}    INFO:   CTGDKN057I Sending password to client.
[8/1/14, 4:37 AM] {ProxyAuth}    INFO:   CTGDKN063I The client accepted the password sent by the proxy.
[8/1/14, 4:37 AM] {ProxyAuth}    INFO:   CTGDKN053I Proxy password file deleted successfully.
[8/1/14, 4:37 AM] {ProxyAuth}    INFO:   CTGDKN060I Client password file deleted successfully.
[8/1/14, 4:37 AM] {Proxy}        INFO:   CTGDKN011I Plug-in/Proxy authentication successful.
[8/1/14, 4:37 AM] {Proxy}        DEBUG:   CTGDKN031I Reading BOM.
[8/1/14, 4:37 AM] {Proxy}        DEBUG:   CTGDKN033I Found encoding 'UTF-16LE'.
[8/1/14, 4:37 AM] {Proxy}        DEBUG:   CTGDKN034I Sending positive response to the client plug-in.
[8/1/14, 4:37 AM] {Proxy}        DEBUG:   CTGDKN026I Received operational code: '5'.
 

I tried message-guide for receiving operational code but didn't find anything.

Any help would be appreciated.

Thanks

  • Ranvijay_SIngh
    Ranvijay_SIngh
    2 Posts

    Re: Password Sync Plugins for Windows

    ‏2014-08-30T18:21:36Z  

    Hello ,

       Follow the below steps:

        a. Open the command prompt and change directory to <TDI install directory>/pwd_plugins/windows folder.

        b. Run the pwsync_admin.exe suspend_plugin command.
        c. Run the pwsync_admin.exe reconf_plugin command.
        d. Run the pwsync_admin.exe stop_proxy command.
        e. Run the pwsync_admin.exe start_proxy command.
        f. Run the pwsync_admin.exe resume_plugin command.

    . Make sure the two log files 'plugin.log' and 'proxy.log' in <TDI install directory>/pwd_plugins/windows
       folder contain no error messages

    What's ur password store ? share your "pwsync.prop" on forum

     

  • baba1414
    baba1414
    7 Posts

    Re: Password Sync Plugins for Windows

    ‏2014-09-01T08:41:37Z  

    Hello ,

       Follow the below steps:

        a. Open the command prompt and change directory to <TDI install directory>/pwd_plugins/windows folder.

        b. Run the pwsync_admin.exe suspend_plugin command.
        c. Run the pwsync_admin.exe reconf_plugin command.
        d. Run the pwsync_admin.exe stop_proxy command.
        e. Run the pwsync_admin.exe start_proxy command.
        f. Run the pwsync_admin.exe resume_plugin command.

    . Make sure the two log files 'plugin.log' and 'proxy.log' in <TDI install directory>/pwd_plugins/windows
       folder contain no error messages

    What's ur password store ? share your "pwsync.prop" on forum

     

    Hello,

    Yes i have done this command sequence many times, with Password Store as LDAP and Logs.

    Here is logs from:

    ******Proxy.log

    [9/1/14, 4:33 AM] {Proxy}        INFO:   CTGDKN010I The authentication folder is: 'F:\Program Files\IBM\TDI\V7.2\pwd_plugins\windows'.
     

    *******pwsync_admin.log

    INFO:  3660: Mon Sep 01 04:34:09 2014: : Executing the 'resume_plugin' command.
    INFO:  3660: Mon Sep 01 04:34:09 2014: : Resuming plugin ...
    INFO:  3660: Mon Sep 01 04:34:09 2014: : Plugin is ENABLED.
    INFO:  3660: Mon Sep 01 04:34:09 2014: : Done.
     

    Please see attached for pwdsync.props as LDAP Store.

    Thanks for your comment.

    Attachments

    Updated on 2014-09-01T08:44:37Z at 2014-09-01T08:44:37Z by baba1414
  • yn2000
    yn2000
    1086 Posts

    Re: Password Sync Plugins for Windows

    ‏2014-09-05T12:53:26Z  
    • baba1414
    • ‏2014-09-01T08:41:37Z

    Hello,

    Yes i have done this command sequence many times, with Password Store as LDAP and Logs.

    Here is logs from:

    ******Proxy.log

    [9/1/14, 4:33 AM] {Proxy}        INFO:   CTGDKN010I The authentication folder is: 'F:\Program Files\IBM\TDI\V7.2\pwd_plugins\windows'.
     

    *******pwsync_admin.log

    INFO:  3660: Mon Sep 01 04:34:09 2014: : Executing the 'resume_plugin' command.
    INFO:  3660: Mon Sep 01 04:34:09 2014: : Resuming plugin ...
    INFO:  3660: Mon Sep 01 04:34:09 2014: : Plugin is ENABLED.
    INFO:  3660: Mon Sep 01 04:34:09 2014: : Done.
     

    Please see attached for pwdsync.props as LDAP Store.

    Thanks for your comment.

    Just being the second eyes for pwsync.props...

    1. Please double check that the user is really member of the group listed in the includeGroups

    2. Please double check that there is no typo in the objectclass and attributes in the LDAP server, because it is not a standard/default objectclass/attributes. You may also turn on the LDAP server log to double check whether there is data coming into the LDAP, just in case there is network issue blocking the arrival of the data.

    Rgds. YN.

  • baba1414
    baba1414
    7 Posts

    Re: Password Sync Plugins for Windows

    ‏2014-09-10T12:15:06Z  
    • yn2000
    • ‏2014-09-05T12:53:26Z

    Just being the second eyes for pwsync.props...

    1. Please double check that the user is really member of the group listed in the includeGroups

    2. Please double check that there is no typo in the objectclass and attributes in the LDAP server, because it is not a standard/default objectclass/attributes. You may also turn on the LDAP server log to double check whether there is data coming into the LDAP, just in case there is network issue blocking the arrival of the data.

    Rgds. YN.

    Hello,

    Thanks for your response.

    Update on your comments:

    1. I checked the all groups and change password for them.

    2. I able to add dummy user to LDAP directory, So no worry from firewall and LDAP entry.

    Additional comment: I am using ADLDS directory, so is it pwdSync can access ADLDS changes? because we can create multiple instances of ADLDS on same server, and we didn't apply changes for particular instance. We did regedit changes on generic level only.

    I don't know if we need more regEdit changes for ADLDS instances, let me know if you need more info.

    Thanks