[Fedora-directory-users] Windows Sync and Active Directory password complexity policies
John Dickinson
jad at jadickinson.co.uk
Tue Nov 18 15:56:09 UTC 2008
On 18 Nov 2008, at 15:41, Hugo Etievant wrote:
> hello,
>
> The admin Guid says that : "Make sure that the Active Directory
> password complexity policies are enabled so that the *Password Sync*
> service will run. Run |secpol.msc|, and select *Security Settings*,
> then *Account Policies*, and *Password Policy*. Make sure that |
> Password must meet complexity requirements| is selected. " ( cf http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configuring_Windows_Sync.html
> )
>
> I done the installation same as required.
>
> But after a week, I have reconfigured Active Directory and
> unactivate the "|Password must meet complexity requirements|"
> attribute.
> Windows Sync continue to work without problem : new very simple
> password (for example, password identical to login) are synchronized
> between AD and FDS.
>
> Why the Admin Guide says this attribute is mandatory ? The facts
> show that it is not !
>
> Is it a bug ?
>
>
> The |complexity requirements are too much complicated for my users
> (and are no configurable), i must unactivate it.|
Based on my experiments, you don't have to have complexity
requirements turned on in AD and FDS but it would be a good idea to
ensure any requirements are the same in both. Otherwise some passwords
might work and others not.
You can turn off the requirement in FDS - I don't remember where and
don't have access to my system right now - but try right clicking in
the directory console at the userRoot, I think there is something
about this in the menu.
John
More information about the Fedora-directory-users
mailing list