[389-users] Password synchronization between AD and FDS

Rich Megginson rmeggins at redhat.com
Fri Jul 10 17:06:43 UTC 2009 

Prashanth Sundaram wrote:
>   Hello,
>
> I am in the process of setting up the Fedora DS as our main 
> development LDAP server. I would like to know all the possible ways to 
> sync the password between AD  and FDS.
>
> Please forgive me, if I am repeating any questions already posted on 
> this forum.
>
> Question1: Is FDS and Password sync Enterprise ready?
Yes.
> I am afraid the password Sync can break anytime.
Any software can break anytime.  There are no 100% guarantees in the 
world of software.
> Also our Windows admins are very skeptical to install a plug-in like 
> PassSync.
In every shop that has a "windows side of the house" and a "*nix side of 
the house", and someone wants to deploy directory server and PassSync, 
the windows admins _never_ want to deploy any additional software on 
their precious AD machines, especially none of that weird, messy free 
open source stuff.
However, PassSync is used quite successfully in many, many deployments.
>
> Question2: How can I make sure the service is running without any 
> problems on MS server 2003? Any checks or notification system?
There are log files.
>
> Question3: Has any one tried the Windows Services for Unix 3.5, 
> Password Synchronization between AD and UNIX?
It's really the same problem as with PassSync, only the reverse - you 
have to install, configure, and secure a Microsoft provided daemon (and 
PAM too) on every linux machine you want to sync passwords with.  I'm 
sure the Windows guys will say "look - it's much safer than PassSync - 
it's from Microsoft!"
>
> Question4: What other password sync mechanisms can I try, even if it 
> requires hours of configuring.
>
> Thanks,
> Prashanth
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090710/c1910903/attachment.bin>

More information about the 389-users mailing list