[Freeipa-users] EXTERNAL: Re: Active Directory --> IPA Password Sync
Joseph, Matthew (EXP)
matthew.joseph at lmco.com
Fri Apr 5 15:11:30 UTC 2013
Thank you very much for that. Works like a charm.
How does this work though? You setup the winsync agreement between your IPA Server and AD server using the hostname.
How does IPA know that it can trust a second DC?
Matt
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dmitri Pal
Sent: Friday, April 05, 2013 11:56 AM
To: freeipa-users at redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] Active Directory --> IPA Password Sync
On 04/05/2013 10:52 AM, Joseph, Matthew (EXP) wrote:
Hello,
I imagine this is a common issue/question when trying to implement the password sync between AD and IPA.
We have two Windows 2003 domain controllers (for redundancy) so when a user issues a password change on the Windows side there is no primary domain controller that it will always use for password changes.
So right now IPA is only getting 50% of the Password changes that are done through Windows due to password changes going through both domain controllers.
Looking through the documentation IPA will only allow a password sync agreement between 1 AD and 1 IPA server.
Is there a solution for this issue? How are people getting around this?
One winsync agreement but passsync should be installed on both DCs.
Thanks,
Matt
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130405/687ca0c6/attachment.htm>
More information about the Freeipa-users
mailing list