On 04/05/2013 10:52 AM, Joseph, Matthew (EXP) wrote:
>
> Hello,
>
>  
>
> I imagine this is a common issue/question when trying to implement the
> password sync between AD and IPA.
>
>  
>
> We have two Windows 2003 domain controllers (for redundancy) so when a
> user issues a password change on the Windows side there is no primary
> domain controller that it will always use for password changes.
>
> So right now IPA is only getting 50% of the Password changes that are
> done through Windows due to password changes going through both domain
> controllers.
>
> Looking through the documentation IPA will only allow a password sync
> agreement between 1 AD and 1 IPA server.
>
>  
>
> Is there a solution for this issue? How are people getting around this?
>

One winsync agreement but passsync should be installed on both DCs.
>
>  
>
> Thanks,
>
>
> Matt
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to