Emmanuel BILLOT wrote:
> Rich Megginson wrote:
>> Emmanuel BILLOT wrote:
>>> Rich Megginson wrote:
>>>> Emmanuel BILLOT wrote:
>>>>> Hi,
>>>>> We've installed FDS, AD and a replication agreement.
>>>>> FDS data/passwords sync with AD
>>>>> AD passwords sync with FDS.
>>>>> 2 pbs are still unsolved :
>>>>> - AD modifications (name, surname, mail) are not sent or caught in FDS
>>>> I suppose you could enable the replication log level and see why this is not working. Note that changes may take up to 5 minutes to sync over to Fedora DS due to the way the sync works using the DirSync control.
>>>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>>>> - Passwords are not recognized after a Full init.
>>>> Right. Passwords are not synced during full init. Full init only uses passwords in the database which are hashed and do not sync.
>>>>> FDS => AD full init = unable to log on AD (even if we manually activate the account)
>>>>> FDS -> AD passwd update = passwd ok in AD
>>>> Right. Passwd update uses clear text passwords.
>>>>> Anyone has an idea ?
>>> Ok. Is there any best practice when adding AD to a FDS ?
>>> I don't think I will ask all users to update their password just for it...?
>> That's one of the main problems with Windows Sync/Pass Sync. There is really no way to sync passwords - AD uses an unreversible hash/encryption, and so does Fedora DS. The Samba and freeIPA guys are working on ways to mitigate this situation.
> I had an idea (maybe totally crazy)
> What happens if for each FDS entry, the password is updated with the same hashed value after init ?
> Does WinSync require the cleartext password to work ?

WinSync must have access to the clear text password to send it to AD, and vice versa - that's what passsync does - it intercepts the clear text password modification so that it can send the clear text password to Fedora DS.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
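
Added example (not part of the original thread and not Fedora DS code): a sketch of why full init cannot carry passwords while a password update can. It assumes the directory stores passwords in the LDAP {SSHA} scheme and that AD is given the quoted cleartext as UTF-16LE in unicodePwd; the function names and sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha_hash(password, salt=None):
    """Salted SHA-1 in {SSHA} storage form: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored, candidate):
    """All a stored hash supports: checking a candidate, never recovering it."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    attempt = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(attempt, digest)

def ad_unicode_pwd(cleartext):
    """Assumed AD password-set value: the quoted cleartext in UTF-16LE."""
    return ('"' + cleartext + '"').encode("utf-16-le")

def password_for_ad(userpassword_value):
    """Return bytes to send to AD, or None when only a hash is available.

    Simplification: any value starting with '{' is treated as a stored hash.
    """
    if userpassword_value.startswith("{"):
        return None                            # full init: hash from database
    return ad_unicode_pwd(userpassword_value)  # update: cleartext intercepted

# Constructed sample entry: what the database holds after a password is set.
STORED = ssha_hash("Winter-2008!", salt=b"\x01\x02\x03\x04\x05\x06\x07\x08")

if __name__ == "__main__":
    print("full init  ->", password_for_ad(STORED))
    print("pwd update ->", password_for_ad("Winter-2008!"))
```

Writing the same hashed value back to each entry after init, as asked in the thread, still reaches the first branch: the sync side never sees a cleartext to encode.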