Rich Megginson wrote:
Emmanuel BILLOT wrote:
> Rich Megginson wrote:
>> Emmanuel BILLOT wrote:
>>> Hi,
>>>
>>> We've installed FDS, AD and a replication agreement.
>>> FDS data/passwords sync with AD
>>> AD passwords sync with FDS.
>>>
>>> 2 problems are still unsolved:
>>> - AD modifications (name, surname, mail) are not sent or caught in
>>> FDS
>> I suppose you could enable the replication log level and see why
>> this is not working. Note that changes may take up to 5 minutes to
>> sync over to Fedora DS due to the way the sync works using the
>> DirSync control.
>>
>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>> - Passwords are not recognized after a Full init.
>>> FDS => AD full init = unable to log on AD (even if we manually
>>> activate the account)
>> Right. Passwords are not synced during full init. Full init only
>> uses passwords in the database which are hashed and do not sync.
>>> FDS -> AD passwd update = passwd ok in AD
>> Right. Passwd update uses clear text passwords.
>>>
>>> Does anyone have an idea?
>>>
>>
> Ok.
> Is there any best practice when adding AD to a FDS?
> I don't think I will ask all users to update their password just for
> it...?
That's one of the main problems with Windows Sync/Pass Sync. There is
really no way to sync passwords - AD uses an irreversible
hash/encryption, and so does Fedora DS.
The Samba and freeIPA guys are working on ways to mitigate this
situation.
I had an idea (maybe totally crazy)
What happens if, for each FDS entry, the password is updated with the
same hashed value after init?
Does WinSync require the cleartext password to work?
>>
------------------------------------------------------------------------
>>
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>>
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
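
The point made in the thread (stored passwords are hashed and do not sync, while a password update carries cleartext) can be seen in a small model. This is an added example, not code from Fedora DS or from anyone in the thread; `sync_payload` is a hypothetical, simplified stand-in for the sync decision, and the sample password is constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional


def ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, candidate: str) -> bool:
    """A bind can be checked against the stored value, but the cleartext is never recovered."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def ad_unicode_pwd(cleartext: str) -> bytes:
    """AD's unicodePwd attribute takes the cleartext in double quotes, encoded as UTF-16LE."""
    return ('"' + cleartext + '"').encode("utf-16-le")


def sync_payload(user_password_value: str) -> Optional[bytes]:
    """Hypothetical model: return what could be sent to AD, or None if nothing can.

    A value already carrying a {SCHEME} prefix is a hash. There is no cleartext
    to wrap for unicodePwd, so writing the same hash back gives nothing to send.
    """
    if user_password_value.startswith("{") and "}" in user_password_value:
        return None
    return ad_unicode_pwd(user_password_value)


if __name__ == "__main__":
    stored = ssha("Constructed-Pw1")            # constructed sample password
    print("stored in the directory :", stored)
    print("rewrite the same hash   :", sync_payload(stored))
    print("cleartext password mod  :", sync_payload("Constructed-Pw1"))
```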