[Fedora-directory-users] FDS AD Sync

Richard Megginson rmeggins at redhat.com
Fri Mar 31 21:51:10 UTC 2006


Abdelrahman wrote:
> Mr. Daniel,
> Luckily, I have the accounts previously on FDS; therefore, I think I
> won't face the same problem you have. Yet, when I create a new user on
> FDS via Console it's not fully synced to AD.
> Only the username is synced, but the account becomes automatically
> disabled on the AD and the user has to reset his password!
>
> It might be a problem with my configuration but I don't know where.
There is some setting in the AD configuration which says to disable new 
users.  It is on by default.  You have to find it and tell it not to 
disable new users.
>
> regards,
> Abdelrahman
>
>
> On 3/31/06, *Daniel Shackelford* < dshackel at arbor.edu 
> <mailto:dshackel at arbor.edu>> wrote:
>
>     When you are replicating to AD, user accounts are fully synced
>     upon creation.  If you create a new user in FDS, the account and
>     password will be immediately synced to AD.  The issue is with
>     accounts that already exist in AD (I am not sure about those that
>     are in FDS) before a replication agreement is set up.  If you are
>     just now setting up FDS and want accounts created in FDS to also
>     be created in AD at the same time, then you should not have any
>     trouble if you have set up replication correctly.
>
>     We use FDS for provisioning new accounts via a portal.  The
>     account is created in FDS and it is replicated to AD.  The user
>     can immediately log onto our network.  The PassSync part on AD
>     makes sure that if their password is changed via the windows tools
>     (Ctrl-Alt-Del -> change password, Computers and Users MMC -> reset
>     password), it will also set the new password in FDS.  Our system
>     goes both ways.  Accounts can be created in either directory, and
>     they will be replicated (with passwords) to the other one.
>
>     Again, the issue is not with account creation, but with handling
>     accounts that already exist before replication is set up.  AD will
>     not allow passwords to be read, only to be compared, and that is
>     the main problem.  I am not sure about FDS, and it may be possible
>     to get the passwords out in order to reset them.  Importing an
>     ldif file to change the passwords will work, providing the
>     passwords are in plain text.  So if you can find a way to export
>     the passwords in plain text (with the uid or dn), you may be able
>     to reset them all in both directories in one fell swoop.
>
>     Good luck (and be careful)
>
>     > From your mail, I understood that you are trying to sync passwords from AD
>     > to FDS. I am trying to sync accounts the other way round, from FDS to AD.
>     >
>     > If pass sync doesn't fully sync accounts between FDS and AD, which I regard as
>     > a replica of FDS, when I create a new user I have to create him on the AD and
>     > ask the user whose password is already saved on FDS to log in and change his
>     > password which he just created!
>     >
>     > This wasn't what I hoped for  :(
>     >
>     >regards,
>     >Abdelrahman
>
>     --
>     Daniel Shackelford
>     Systems Administrator
>     Technology Services
>     Spring Arbor University
>     517 750-6648
>
>     "For even the Son of Man did not come to be served, but to serve,
>     and to give His life a ransom for many"
>     Mark 10:45
>
>     --
>     Fedora-directory-users mailing list
>     Fedora-directory-users at redhat.com
>     <mailto:Fedora-directory-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>