[Fedora-directory-users] Installing passsync in a AD domain with multiple domain controllers?
Howard Wilkinson
howard at cohtech.com
Thu Aug 23 09:24:03 UTC 2007
I think I have worked this out but want ot make sure I have got it correct!
Whereas the sync agreement for the FDS <-> AD is from a single FDS
server to a single AD domain controller the Passsync facilitiy needs to
be installed on all Domain Controllers (am I right?)
The reason for this is that the password is hashed before injection into
the AD and propagated to other DC's so it is then useless to the
Passsync code. The hook therefore needs to be on the DC that receives
the password change, which can be any DC in the environment....
A further concern arises with a multi-master FDS and a multiple DC AD.
Can the system be set up with multiple FDS <-> AD sync agreements and
still allow the results to propagate within the FDS. This would make
sense from a fault-tolerant perspective, and off-hand I think the
replications should preserve behaviour, but can anybody spot a problem?
--
Howard Wilkinson
Phone:
+44(20)76907075
Coherent Technology Limited
Fax:
23 Northampton Square,
Mobile:
+44(7980)639379
United Kingdom, EC1V 0HL
Email:
howard at cohtech.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070823/d8a8ac08/attachment.htm>
More information about the Fedora-directory-users
mailing list