Gregory A Fuller wrote:
> I have Windows Active Directory to 389 Directory Server synchronization working. I can create an account in AD and it gets synced to the 389 LDAP server and the password is synced also. This only works for "User" accounts in Active Directory though.
>
> Is there a way that I can sync my Active Directory "machine trust" accounts from AD to the 389 directory server? A machine trust account is just a user account that is a computer from what I can tell. I'm looking to get the computer username and password that is set in Active Directory into the 389 server so I can do machine based RADIUS authentication directly against the 389 LDAP server rather than directly through Active Directory.
>
> Is it possible to sync the computer accounts from AD->389? Any ideas?
>

It's probably not possible with 389 winsync. Winsync, for user accounts, is hardcoded to deal with the inetOrgPerson attributes. If the machine accounts use attributes outside of inetOrgPerson, you're not going to be able to use winsync.

I wrote a python class using python-ldap that implements client side support for the same mechanism - the DirSync control - that 389 uses to get changes from AD. If you are a python hacker, you might be able to do something with this - http://github.com/richm/scripts/blob/master/dirsyncctrl.py

> --greg
>
> Gregory A. Fuller - CCNA
> Network Manager
> State University of New York at Oswego
> Phone: (315) 312-5750
> http://www.oswego.edu/~gfuller

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
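Added example, not part of the original message and not taken from dirsyncctrl.py: the DirSync control mentioned in the reply carries a small BER-encoded value (two integers and an opaque cookie), sketched here in plain Python with no LDAP library. The function names are hypothetical, and the cookie bytes used to exercise it are constructed.

```python
# Added illustration: BER encoding/decoding of the AD DirSync control value.
# Function names are hypothetical; this is not the code in dirsyncctrl.py.
DIRSYNC_OID = "1.2.840.113556.1.4.841"  # LDAP_SERVER_DIRSYNC_OID

def _ber_len(n):
    # Short form below 128, long form (0x80 | byte count) otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _ber_int(v):
    body = v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True)
    return b"\x02" + _ber_len(len(body)) + body

def encode_dirsync_value(flags=0, max_bytes=1048576, cookie=b""):
    """SEQUENCE { flags INTEGER, maxBytes INTEGER, cookie OCTET STRING }"""
    body = (_ber_int(flags) + _ber_int(max_bytes)
            + b"\x04" + _ber_len(len(cookie)) + cookie)
    return b"\x30" + _ber_len(len(body)) + body

def _read_tlv(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not allowed here")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_dirsync_value(value):
    """Return (first_int, second_int, cookie); first_int is 'more results' in a response."""
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("not a single BER SEQUENCE")
    fields, pos = [], 0
    for expected in (0x02, 0x02, 0x04):
        tag, content, pos = _read_tlv(body, pos)
        if tag != expected:
            raise ValueError("unexpected tag 0x%02x" % tag)
        fields.append(content)
    first, second = (int.from_bytes(f, "big", signed=True) for f in fields[:2])
    return first, second, fields[2]
```

The cookie in the server's response control is opaque: a client stores it and sends it back unchanged in the next search so that only changes made since then are returned.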