Re: Windows data sync

[Emmanuel BILLOT <emmanuel.billot@xxxxxx>]

Rich Megginson a écrit :
> Emmanuel BILLOT wrote:
> > Rich Megginson a écrit :
> > > Emmanuel BILLOT wrote:
> > > > Hi,
> > > >
> > > > We've installed FDS, AD and a replication agrement.
> > > > FDS data/passwords sync with AD
> > > > AD passwords sync with FDS.
> > > >
> > > > 2 pbs are still unsolved :
> > > > - AD modifications (name, surname, mail) are not send or catched in 
> > > > FDS
> > > I suppose you could enable the replication log level and see why 
> > > this is not working.  Note that changes may take up to 5 minutes to 
> > > sync over to Fedora DS due to the way the sync works using the 
> > > DirSync control.
> > > http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
> > > > - Passwords are not recognized after a Full init.
> > > >    FDS => AD full init = unable to log on AD (even if we manually 
> > > > activate the account)
> > > Right.  Passwords are not synced during full init.  Full init only 
> > > uses passwords in the database which are hashed and do not sync.
> > > >    FDS -> AD passwd update = passwd ok in AD
> > > Right.  Passwd update uses clear text passwords.
> > > > Anyone has an idea ?
> > Ok.
> > Is there any best pratice when adding AD to a FDS ?
> > I don't think i will ask all users to update their password just for 
> > it...?
> That's one of the main problems with Windows Sync/Pass Sync.  There is 
> really no way to sync passwords - AD uses an unreversible 
> hash/encryption, and so does Fedora DS.
> The Samba and freeIPA guys are working on ways to mitigate this 
> situation.
I had an idea (maybe totally crazy)
What happens if for each FDS entry, the password is updated with the 
same hashed value after init ?
Does WinSync requires the cleartext password  to work ?
> > > ------------------------------------------------------------------------ 
> > >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users@xxxxxxxxxx
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >   
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   


--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users