On 09/08/2009 01:04 PM, Morris, Patrick wrote:
On Tue, 08 Sep 2009, Doug Tucker wrote:
OK! The logging was a tremendous help to at least seeing where the
failure is. When the password change is made on the PDC, passync DOES
catch it and replicate to 389. However, if the password change occurs
on the BDC, even though we see the change replicated to the PDC, passync
is NOT catching it and replicating to 389. Does anyone have any ideas?
I believe The Password Sync Service must be installed on every Active
Directory domain controller.
It appeared that way for no other reason than it wasn't working, but I
can't find anything in the documentation to indicate that, and someone
else that responded indicated he sees the change after the BDC
replicates it to the PDC. Was just hoping for some official word that
states that this must be done.
I'm not seeing anything in the docs either,
which docs are you referring to ? Have a url ?.
but it would make sense,
since I'm relatively sure that when the password syncs from one Active
Directory replica to another (no such thing as PDCs and BDCs these days,
y'know), I'd assume it's passing the hash and not the password, so
there'd be no way to get it into your LDAP server.
If that's the case (and I'm pretty sure it is), you'd need PassSync set
up on all of your Active Directory servers, since any of them could be
the one the user gave the actual password to.
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
