I'm not very into Fedora/Red Hat directory server (DS), but thought I'd just drop a quick question: It doesn't seem like Windows Sync is intended for syncing AD users to DS so that users defined on AD can be allowed to log into Linux machines. It is possible to get this working, however, through a series of manual steps. So what is the intended purpose for Windows Sync, if I might ask, as it seems a lot simpler just to manage everything directly from DS without syncing with AD?
On 11/6/08, Rich Megginson <firstname.lastname@example.org> wrote:
Erling Ringen Elvsrud wrote:
On Wed, Nov 5, 2008 at 3:24 PM, Rich Megginson <email@example.com> wrote:
That should work. But note that posix attributes will not sync to AD. And
even if you did manage to find a posix schema that worked with AD, and added
the posix schema on the AD side, those attributes would not be synced to

Thanks for your answer.
I start to wonder if Windows sync is worth the trouble. At my site we
will probably not implement password sync as the AD-side is very
restrictive about installing anything.

I hear this all the time - AD admins are very touchy about installing anything, especially some piece of random open source software that's going to intercept clear text passwords and send them who-knows-where

So what I get is basically a
skeleton that I have to populate with the posixUser attributes.
Another issue is groups in AD. I suppose those groups will become
regular unix-groups on the directory server side,

Yes. But note - not posix groups (posixGroup) but plain groups (groupOfUniqueNames)

which might not
be enough for all policing needs (may need netgroups in addition).
We will probably have maximum a few hundred users in the directory, do
you think Windows-sync is worth the bother?

I suggest you take a look at Penrose http://docs.safehaus.org/display/PENROSE/Home