ok. I started from scratch this week on this and I think I've got the right doc and understand better where this is going. My problem now is that when configuring SSL on the AD server (step c in this url:
<a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Install_and_Configure_the_Password_Sync_Service" target="_blank">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Install_and_Configure_the_Password_Sync_Service</a> )<div>
I get this error: </div><div><br></div><div><div>certreq -submit request.req certnew.cer</div><div>Active Directory Enrollment Policy</div><div> {25DDA1E7-3A99-4893-BA32-9955AC9EAC42}</div><div> ldap:</div><div>RequestId: 3</div>
<div>RequestId: "3"</div><div>Certificate not issued (Denied) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.</div>
<div> The request contains no certificate template information. 0x80094801 <a href="tel:%28-2146875391" value="+12146875391" target="_blank">(-2146875391</a>)</div><div>Certificate Request Processor: The request contains no certificate template information. 0x80094801 <a href="tel:%28-2146875391" value="+12146875391" target="_blank">(-2146875391</a>)</div>
<div>
Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.</div><div><br></div><div>The RH doc says to use the browser if an error occurs and IIS is running but I'm not running IIS. I researched that error but didn't find anything that helps with FreeIPA and passsync.</div>
<div><br></div><div>Jimmy</div><div><br><div class="gmail_quote">On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div bgcolor="#ffffff" text="#000000"><div>
On 01/11/2012 11:22 AM, Jimmy wrote:
<blockquote type="cite">We need to be able to replicate user/pass between
Windows 2008 AD and FreeIPA.</blockquote>
<br></div>
That's what IPA Windows Sync is supposed to do.<div><br>
<br>
<blockquote type="cite">I have followed many different documents and posted
here about it and from what I've read and procedures I've followed
we are unable to accomplish this.</blockquote>
<br></div>
What have you tried, and what problems have you run into?<br>
<br>
<blockquote type="cite"><div>It doesn't need to be a full trust.
<div>
<br>
</div>
<div>Thanks<br>
<br>
<div class="gmail_quote">On Tue, Jan 10, 2012 at 3:03 AM, Jan
Zelený <span dir="ltr"><<a href="mailto:jzeleny@redhat.com" target="_blank">jzeleny@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>> Just wondering if there was anyone listening on
the list that might be<br>
> available for little work integrating FreeIPA with
Active Directory<br>
> (preferrably in the south east US.) I hope this
isn't against the list<br>
> rules, I just thought one of you guys could help or
point me in the right<br>
> direction.<br>
<br>
</div>
</div>
If you want some help, it is certainly not against list
rules ;-) But in that<br>
case, it would be much better if you asked what exactly do
you need.<br>
<br>
I'm not an AD expert, but a couple tips: If you are looking
for cross-domain<br>
(cross-realm) trust, then you might be a bit disappointed,
it is still in<br>
development, so it probably won't be 100% functional at this
moment.<br>
<br>
If you are looking for something else, could you be a little
more specific what<br>
it is?<br>
<br>
I also recommend starting with reading some doc:<br>
<a href="http://freeipa.org/page/DocumentationPortal" target="_blank">http://freeipa.org/page/DocumentationPortal</a><br>
<br>
Thanks<br>
<span><font color="#888888">Jan<br>
</font></span></blockquote>
</div>
<br>
</div>
</div><pre><fieldset></fieldset>
_______________________________________________
Freeipa-users mailing list
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br>
</div></div>