First of all I have to mention that Windows Users & Groups were
created before Fedora Directory was installed, so when FDS was
installed I started up with replicated windows users in FDS without
passwords being synchronized. Therefore, the scenario is a Windows
tree with users (with passwords) & groups and FDS with users and
groups replicated without their passwords.
I am trying to define a mechanism to reset every password in both
directories so they begin to work synchronized.
Doing some tests, I realized that a change made in Windows is
replicated into FDS binding as the users subject of change, so as the
entry doesn't have it's password, the following lines are logged in
FDS access log:
I haven't found any documentation about inbound changes, specifically
password change, being done as the same user subject of the change. Is
Yes. That's how it verifies the new password is valid.
So, how can I do to define a procedure for initializing both
I'm not sure what you mean. For passwords, you just need to set/reset
the clear text password on either side, either the AD side or the
Fedora DS side. Assuming you have windows sync and password sync
configured correctly, setting/resetting the clear text password on AD
will sync it to Fedora DS, and vice versa.
The problem is that Active Directory Passwords were setted before FDS
was installed. So, the initial synchronization of passwords didn't set
FDS passwords, so changing the passwords in Active Directory will not
update FDS passwords because of its way to sync passwords, ie binding
to FDS as the user whose password is changed.
The only way to change passwords in both directories for users
synchronized in Active Directory is resetting their passwords only in
FDS, not in Windows because of the binding issue I mentioned.