I imagine this is a common issue/question when trying to implement the password 
sync between AD and IPA.

We have two Windows 2003 domain controllers (for redundancy) so when a user 
issues a password change on the Windows side there is no primary domain 
controller that it will always use for password changes.
So right now IPA is only getting 50% of the password changes that are done
through Windows due to password changes going through both domain controllers.
Looking through the documentation, IPA will only allow a password sync agreement
between 1 AD and 1 IPA server.

Is there a solution for this issue? How are people getting around this?


