Emmanuel BILLOT wrote:
> Rich Megginson wrote:
>> Emmanuel BILLOT wrote:
>>> Hi,
>>> We've installed FDS, AD and a replication agreement.
>>> FDS data/passwords sync with AD
>>> AD passwords sync with FDS.
>>> 2 problems are still unsolved:
>>> - AD modifications (name, surname, mail) are not sent or caught in FDS
>>
>> I suppose you could enable the replication log level and see why this is not working. Note that changes may take up to 5 minutes to sync over to Fedora DS due to the way the sync works using the DirSync control.
>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>
>>> - Passwords are not recognized after a Full init.
>>
>> Right. Passwords are not synced during full init. Full init only uses passwords in the database which are hashed and do not sync.
>>
>>> FDS => AD full init = unable to log on AD (even if we manually activate the account)
>>> FDS -> AD passwd update = passwd ok in AD
>>
>> Right. Passwd update uses clear text passwords.
>>
>>> Does anyone have an idea?
>
> Ok. Is there any best practice when adding AD to a FDS? I don't think I will ask all users to update their password just for it...?

That's one of the main problems with Windows Sync/Pass Sync. There is really no way to sync passwords - AD uses an irreversible hash/encryption, and so does Fedora DS.
The Samba and freeIPA guys are working on ways to mitigate this situation.
------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
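The distinction drawn in the thread (a full init has only hashed passwords, while a password update carries the clear text), shown as an added example that is not part of the original messages and is not Fedora DS code. It assumes salted SHA-1 (`{SSHA}`) storage on the directory side and AD's quoted UTF-16LE `unicodePwd` encoding on the write side; the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"  # assumed storage scheme; the thread does not name one


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, candidate: str) -> bool:
    """Check a candidate password; verification is all a stored hash allows."""
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def ad_unicode_pwd(cleartext: str) -> bytes:
    """Encode clear text the way AD expects for a unicodePwd write."""
    return ('"' + cleartext + '"').encode("utf-16-le")


def password_for_ad(stored: str, captured: Optional[str]) -> Optional[bytes]:
    """Return the value a sync agent could send to AD for one entry.

    captured is None when only the database hash exists (the full-init
    case); it holds the clear text when a password change was intercepted.
    """
    if captured is None:
        return None  # nothing derivable from the one-way hash
    if not ssha_verify(stored, captured):
        raise ValueError("captured password does not match the stored hash")
    return ad_unicode_pwd(captured)


if __name__ == "__main__":
    entry = ssha_hash("Constructed-Pass1")  # constructed sample value
    print("full init  ->", password_for_ad(entry, None))
    print("pwd update ->", password_for_ad(entry, "Constructed-Pass1"))
```
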