Re: [Freeipa-users] Winsync agreements, what happens if it breaks?
On 03/11/2012 03:45 PM, Steven Jones wrote: Hi, If I have a winsync agreement from AD to IPA, and this does uni-directional password from AD to IPA and for some reason this temporarily breaks, say a network failure. If you are talking about password sync from AD to IPA, and only that, then this is only concerning the PassSync service you install on your AD domain controllers 1) Is there a time limit to -re-establish before it becomes "stale"? No. It will keep trying indefinitely. 2_ Once the communications is functioning again will the differences catch up? Yes. say someone changes their AD password while the winsync was broken.will it sync later anyway? It depends on what you mean by "broken". If the PassSync service is not running, then no password changes will be stored, so none will be replayed. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Winsync agreements, what happens if it breaks?
Steven Jones wrote: Hi, If I have a winsync agreement from AD to IPA, and this does uni-directional password from AD to IPA and for some reason this temporarily breaks, say a network failure. winsync doesn't do password changes, passsync does. 1) Is there a time limit to -re-establish before it becomes "stale"? I believe it will try forever. 2_ Once the communications is functioning again will the differences catch up? say someone changes their AD password while the winsync was broken.will it sync later anyway? winsync uses a pull model so yeah, once the connection is made it will catch up to any AD changes made and will forward any applicable IPA-side changes. I believe there is a cap on the either the number of age of changes that 389-ds replication will store, which I believe is configurable. I believe the passsync service will retry, I'm not sure how many times, etc. Rich may know. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Winsync agreements, what happens if it breaks?
Hi, If I have a winsync agreement from AD to IPA, and this does uni-directional password from AD to IPA and for some reason this temporarily breaks, say a network failure. 1) Is there a time limit to -re-establish before it becomes "stale"? 2_ Once the communications is functioning again will the differences catch up? say someone changes their AD password while the winsync was broken.will it sync later anyway? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users