[Fedora-directory-users] Windows NT4 Password Sync Problem

Nathan Kinder nkinder at redhat.com
Wed Dec 7 21:39:47 UTC 2005 

Hartmut Wöhrle wrote:

>Am Mittwoch, 7. Dezember 2005 15:17 schrieb Nathan Kinder:
>  
>
>>hartmut.woehrle at mail.pcom.de wrote:
>>    
>>
>>>Hallo everyone,
>>>
>>>so now the Winsync from NT4 PDC -> FDS works fine (thanks to all)
>>>
>>>And now the next step gives me a problem.
>>>I do the Password sync without SSL connection (only one problem at a
>>>time).
>>>      
>>>
>>The PassSync service requires SSL.  If you take a look at the
>>passsync.log file, it should have an error about your SSL config.
>>
>>-NGK
>>    
>>
>
>Is there a difffernec between AD and NT PDC, because in the discussion of 
>Winsync password from Dean Jones you write:
>
>---- citation from Thu, 17 Nov 2005 ------
>Nope. Accounts can sync fine without SSL. SSL is only required for passwords 
>to sync from AD -> FDS. You should take a look at the "errors" log on the FDS 
>side. You may want to enable replication level logging through the Console 
>application to get some useful info.
>
>-NGK
>---- end citation from Thu, 17 Nov 2005 ------
>
>And the followup from David Boreham says:
>
>---- citation from Thu, 17 Nov 2005 ------ 
>Other way around. Password sync AD -> FDS works without SSL.
>Password sync FDS -> AD requires SSL. AD will refuse to modify
>a password unless you connect via SSL.
>---- end citation from Thu, 17 Nov 2005 ------
>
>  
>
The PassSync service operates exactly the same on AD, or a NT4 PDC.  In 
my experience, it will not send a password across in the clear.  Set the 
"Log Level" registry key to 1 for Password Sync, then restart the 
service.  You will see that it complains about SSL needing to be setup 
from the passsync.log.  You can also take a look at the access log on 
the FDS side, and you won't see any connections from PassSync unless SSL 
is setup.

David noted that passwords will not sync the other way without SSL 
either.  I haven't verified this myself, but I'll take his word on it.

-NGK

>Cu
>Hartmut
>
>  
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3174 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20051207/6116b627/attachment.bin>

More information about the Fedora-directory-users mailing list