Hartmut Wöhrle wrote:
The PassSync service operates exactly the same on AD, or a NT4 PDC. In my experience, it will not send a password across in the clear. Set the "Log Level" registry key to 1 for Password Sync, then restart the service. You will see that it complains about SSL needing to be setup from the passsync.log. You can also take a look at the access log on the FDS side, and you won't see any connections from PassSync unless SSL is setup.Am Mittwoch, 7. Dezember 2005 15:17 schrieb Nathan Kinder:hartmut woehrle mail pcom de wrote:Hallo everyone, so now the Winsync from NT4 PDC -> FDS works fine (thanks to all) And now the next step gives me a problem. I do the Password sync without SSL connection (only one problem at a time).The PassSync service requires SSL. If you take a look at the passsync.log file, it should have an error about your SSL config. -NGKIs there a difffernec between AD and NT PDC, because in the discussion of Winsync password from Dean Jones you write:---- citation from Thu, 17 Nov 2005 ------Nope. Accounts can sync fine without SSL. SSL is only required for passwords to sync from AD -> FDS. You should take a look at the "errors" log on the FDS side. You may want to enable replication level logging through the Console application to get some useful info.-NGK ---- end citation from Thu, 17 Nov 2005 ------ And the followup from David Boreham says:---- citation from Thu, 17 Nov 2005 ------ Other way around. Password sync AD -> FDS works without SSL.Password sync FDS -> AD requires SSL. AD will refuse to modify a password unless you connect via SSL. ---- end citation from Thu, 17 Nov 2005 ------
David noted that passwords will not sync the other way without SSL either. I haven't verified this myself, but I'll take his word on it.
Description: S/MIME Cryptographic Signature