On 03/12/2015 03:44 PM, Gonzalo Fernandez Ordas wrote:


Thanks very much for the quick reply. And that was exactly the bit I never fully understood, till now.

is it known anyway of synchronising the passwords?

No.

Any recommendations on those regards?

Yes - use Trusts instead of sync.


Thanks



On 12/03/2015 22:13, Rich Megginson wrote:
On 03/12/2015 03:07 PM, Gonzalo Fernandez Ordas wrote:
Hi

I have successfully setup an AD---> freeipa Model and joining bits and pieces from 389-ds I have setup a oneWaySinc fromWindows. The issue I got for the last week is the pasword sync which does not seem to work at all, it does not matter what I do in the AD server I never get the passwords being transferred over. I went through many manual pages, different versions and I do not have clear if I need to run any ldapmodification at all! This will be a onewaySync and I do not want the passwords being replicated BACK to AD, also I read about the "reset" setting and I am not sure if every single password needs to be reset at all?

has anybody got any sort of definitive guide or maybe a clear path to follow?

http://www.port389.org/docs/389ds/howto/howto-windowssync.html#configuring-passsync

Note that you have to change a password in AD in order for it to be sync'd to freeipa. PassSync will not sync already existing password.s


Many thanks for all your help

Gonzalo




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to