I'm currently flying back from FOSDEM, so please forgive me for a short answer but I do not recommend you to add unicodepwd storage. That's most likely will not help you and will only complicate things when we merge the global catalog work we do.
There are still missing parts in FreeIPA and Samba that would have helped to make two way trust part properly working. Adding unicodepwd is not one of them, for sure.
----- Lucas Diedrich via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Rob, can you confirm if this website https://www.freeipa.org/page/Build is the default guide for building freeipa ?
Em qui., 30 de jan. de 2020 às 16:34, Rob Crittenden rcritten@redhat.com escreveu:
Lucas Diedrich wrote:
Rob, is this what you talking about?
https://github.com/freeipa/freeipa/tree/master/daemons/ipa-slapi-plugins ?
Yes, in ipa-pwd-extop. When a password change comes in we grab the cleartext and generate the other keys from it so that all the passwords in IPA are in sync.
rob
Em qui., 30 de jan. de 2020 às 15:41, Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> escreveu:
Lucas Diedrich via FreeIPA-users wrote: > Thanks RC, right now i'm using lsc-project.org <http://lsc-project.org> <http://lsc-project.org> > for that, it has some technical flaws but actually works. > > I thought about migrating all users to AD and use passsync, to replicate > the password but i didn't know that it was closed to redhat > subscription. Also thought about creating the plugin over Directory 389 > but the documentation doesn't seem easy to-do. > > Actually i'm strungling to maintain my Freeipa Server with 11k
userss
> as the principal manager over here. You could probably extend the IPA password plugin to write the UnicodePwd attribute in the correct format. There are existing
examples
in the code such as setting the sambaNTPassword attribute. rob > > Thanks. > > > > Em qua., 29 de jan. de 2020 às 15:59, Rob Crittenden > <rcritten@redhat.com <mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com <mailto:rcritten@redhat.com>>> escreveu: > > LUCAS GUILHERME DIEDRICH via FreeIPA-users wrote: > > Hello guys, is there any change for storing the password over > freeipa it generate an password with the unicodepwd format? > > No, it is not supported currently. > > > > > I'm still trying to replicate some users from freeipa to AD,
i
> would like to mantain my Freeipa as the principal manager for users > and groups. > > How are you replicating IPA users to AD? > > rob > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org <mailto:freeipa-users@lists.fedorahosted.org> > To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org <mailto:freeipa-users-leave@lists.fedorahosted.org> > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
>