Hi all, i have been playing with FDS for a couple of months now. My company has about many windows machines and the users are on stored ldap. and they want to control the access from the windows machines to the internet through 802.1x authentication and without having to purchase a third party client for them. up to my knowledge, windows doesn't support pap authentication and there isn't a way that ldap support mschapv2 authentication. While reading the documentation, i found out about the Pass sync. After struggling for a while, i was able to start SSL on the FDS and my AD, i installed pass sync on the windows machine and started a sync agreement policy on the FDS. Everything is working perfectly but i have the following problem: When i start the sync between the FDS and AD, the accounts synced become disabled by default of the AD, also, even when i enable them, their passwords aren't copied at the first time. I tried to enable a synced account and login on a machine in the domain, a message said that i am required to change the password for the first time, so i concluded that passwords weren't copied with the account! I thought that it was a policy on the windows domain controller, so i disabled all the policies on it, especially the passwords ones. I tried checking the logs but i don't know where to search or what for?! I don't know what to do? Regards Abdelrahman -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060329/c5edc3c2/attachment.html