[389-users] Pass Sync Doesn't Work
Chandrasekar Kannan
ckannan at redhat.com
Tue Sep 8 23:08:56 UTC 2009
On 09/08/2009 01:04 PM, Morris, Patrick wrote:
> On Tue, 08 Sep 2009, Doug Tucker wrote:
>
>
>>
>>>> OK! The logging was a tremendous help to at least seeing where the
>>>> failure is. When the password change is made on the PDC, passync DOES
>>>> catch it and replicate to 389. However, if the password change occurs
>>>> on the BDC, even though we see the change replicated to the PDC, passync
>>>> is NOT catching it and replicating to 389. Does anyone have any ideas?
>>>>
>>>>
>>> I believe the Password Sync Service must be installed on every Active
>>> Directory domain controller.
>>>
>> It appeared that way for no other reason than it wasn't working, but I
>> can't find anything in the documentation to indicate that, and someone
>> else that responded indicated he sees the change after the BDC
>> replicates it to the PDC. Was just hoping for some official word that
>> states that this must be done.
>>
> I'm not seeing anything in the docs either,
Which docs are you referring to? Have a URL?
> but it would make sense,
> since I'm relatively sure that when the password syncs from one Active
> Directory replica to another (no such thing as PDCs and BDCs these days,
> y'know), I'd assume it's passing the hash and not the password, so
> there'd be no way to get it into your LDAP server.
>
> If that's the case (and I'm pretty sure it is), you'd need PassSync set
> up on all of your Active Directory servers, since any of them could be
> the one the user gave the actual password to.
>