Windows data sync

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Rich Megginson a ?crit :
> Emmanuel BILLOT wrote:
>> Rich Megginson a ?crit :
>>> Emmanuel BILLOT wrote:
>>>> Hi,
>>>>
>>>> We've installed FDS, AD and a replication agrement.
>>>> FDS data/passwords sync with AD
>>>> AD passwords sync with FDS.
>>>>
>>>> 2 pbs are still unsolved :
>>>> - AD modifications (name, surname, mail) are not send or catched in 
>>>> FDS
>>> I suppose you could enable the replication log level and see why 
>>> this is not working.  Note that changes may take up to 5 minutes to 
>>> sync over to Fedora DS due to the way the sync works using the 
>>> DirSync control.
>>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>>> - Passwords are not recognized after a Full init.
>>>>    FDS => AD full init = unable to log on AD (even if we manually 
>>>> activate the account)
>>> Right.  Passwords are not synced during full init.  Full init only 
>>> uses passwords in the database which are hashed and do not sync.
>>>>    FDS -> AD passwd update = passwd ok in AD
>>> Right.  Passwd update uses clear text passwords.
>>>>
>>>> Anyone has an idea ?
>>>>
>>>
>> Ok.
>> Is there any best pratice when adding AD to a FDS ?
>> I don't think i will ask all users to update their password just for 
>> it...?
> That's one of the main problems with Windows Sync/Pass Sync.  There is 
> really no way to sync passwords - AD uses an unreversible 
> hash/encryption, and so does Fedora DS.
> The Samba and freeIPA guys are working on ways to mitigate this 
> situation.
I had an idea (maybe totally crazy)
What happens if for each FDS entry, the password is updated with the 
same hashed value after init ?
Does WinSync requires the cleartext password  to work ?
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>   
>>
>>
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   


-- 
==========================================
Emmanuel BILLOT
IRD - Orl?ans
D?l?gation aux Syst?mes d'Information (DSI)
t?l : 02 38 49 95 88
==========================================
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux