[Fedora-directory-users] Windows data sync

[Rich Megginson]

Emmanuel BILLOT wrote:
> Rich Megginson a écrit :
>> Emmanuel BILLOT wrote:
>>> Hi,
>>>
>>> We've installed FDS, AD and a replication agrement.
>>> FDS data/passwords sync with AD
>>> AD passwords sync with FDS.
>>>
>>> 2 pbs are still unsolved :
>>> - AD modifications (name, surname, mail) are not send or catched in FDS
>> I suppose you could enable the replication log level and see why this 
>> is not working.  Note that changes may take up to 5 minutes to sync 
>> over to Fedora DS due to the way the sync works using the DirSync 
>> control.
>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>> - Passwords are not recognized after a Full init.
>>>    FDS => AD full init = unable to log on AD (even if we manually 
>>> activate the account)
>> Right.  Passwords are not synced during full init.  Full init only 
>> uses passwords in the database which are hashed and do not sync.
>>>    FDS -> AD passwd update = passwd ok in AD
>> Right.  Passwd update uses clear text passwords.
>>>
>>> Anyone has an idea ?
>>>
>>
> Ok.
> Is there any best pratice when adding AD to a FDS ?
> I don't think i will ask all users to update their password just for 
> it...?
That's one of the main problems with Windows Sync/Pass Sync.  There is 
really no way to sync passwords - AD uses an unreversible 
hash/encryption, and so does Fedora DS.
The Samba and freeIPA guys are working on ways to mitigate this situation.
>> ------------------------------------------------------------------------
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090326/7272de16/attachment.bin>