[Fedora-directory-users] Windows data sync
Emmanuel BILLOT
emmanuel.billot at ird.fr
Thu Mar 26 14:48:20 UTC 2009
Rich Megginson wrote:
> Emmanuel BILLOT wrote:
>> Rich Megginson wrote:
>>> Emmanuel BILLOT wrote:
>>>> Hi,
>>>>
>>>> We've installed FDS, AD and a replication agreement.
>>>> FDS data/passwords sync with AD
>>>> AD passwords sync with FDS.
>>>>
>>>> 2 problems are still unsolved:
>>>> - AD modifications (name, surname, mail) are not sent or caught in
>>>> FDS
>>> I suppose you could enable the replication log level and see why
>>> this is not working. Note that changes may take up to 5 minutes to
>>> sync over to Fedora DS due to the way the sync works using the
>>> DirSync control.
>>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>>> - Passwords are not recognized after a Full init.
>>>> FDS => AD full init = unable to log on AD (even if we manually
>>>> activate the account)
>>> Right. Passwords are not synced during full init. Full init only
>>> uses passwords in the database which are hashed and do not sync.
>>>> FDS -> AD passwd update = passwd ok in AD
>>> Right. Passwd update uses clear text passwords.
>>>>
>>>> Does anyone have an idea?
>>>>
>>>
>> Ok.
>> Is there any best practice when adding AD to an FDS?
>> I don't think I will ask all users to update their password just for
>> it...?
> That's one of the main problems with Windows Sync/Pass Sync. There is
> really no way to sync passwords - AD uses an unreversible
> hash/encryption, and so does Fedora DS.
> The Samba and freeIPA guys are working on ways to mitigate this
> situation.
I had an idea (maybe totally crazy)
What happens if, for each FDS entry, the password is updated with the
same hashed value after init?
Does WinSync require the cleartext password to work?
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tel: 02 38 49 95 88
==========================================
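
Added example, not part of the original thread and not Fedora DS code: a small model of why the full init discussed above carries no usable password for AD while a password update does. The helper names, the scheme-prefix list and the sample password are constructed for illustration; the `{SSHA}` layout and the quoted UTF-16LE encoding of AD's `unicodePwd` are the standard formats.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Storage-scheme prefixes treated as "already hashed" (illustrative subset).
HASH_PREFIXES = ("{SSHA}", "{SHA}", "{CRYPT}", "{MD5}")

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    trial = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, trial)

def ad_unicode_pwd(password: str) -> bytes:
    """Encode a cleartext password the way AD's unicodePwd expects it."""
    return ('"' + password + '"').encode("utf-16-le")

def sync_payload(user_password_value: str) -> Optional[bytes]:
    """Model of a sync agent: return the AD payload for a userPassword
    write, or None when only a hash is available (nothing to send)."""
    if user_password_value.upper().startswith(HASH_PREFIXES):
        return None
    return ad_unicode_pwd(user_password_value)

if __name__ == "__main__":
    cleartext = "Corr3ct-Horse"          # constructed sample password
    stored = ssha_hash(cleartext)        # what the database holds
    print("full init sees :", stored, "->", sync_payload(stored))
    print("re-writing hash:", sync_payload(stored))
    print("password change:", sync_payload(cleartext))
```

In this model, writing the stored hash back onto the entry lands in the same branch as full init: the salted digest can verify a candidate password but cannot produce the cleartext that the `unicodePwd` value is built from.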