<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/16/2012 04:33 PM, Kline, Sara wrote:
<blockquote
cite="mid:C0C9408742654B429ECD3D1FF11A118D16EB7AB78D@TNS-MAIL-NA1.win2k.corp.tnsi.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Colonna MT";
panose-1:4 2 8 5 6 2 2 3 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif][if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hey all,<o:p></o:p></p>
<p class="MsoNormal">FreeIPA has been very simple to setup so
far, I have been able to follow along with the documentation
every step of the way. I am running into an issue however when
trying to set up replication between the Red Hat 6.2 server
running FreeIPA and the Win 2008 R2 server running Active
Directory. I created the replication user like the
instructions say and gave it the necessary permissions,
however when I try to set up the agreement, it tells me I am
using invalid credentials. I am unsure of what I should do at
this point? SSL Certs are installed on both and trusted on
both, the servers are connected and both are synced to the
same time source. Can anyone think of anything else?<o:p></o:p></p>
<p class="MsoNormal">I am using the command as follows:<o:p></o:p></p>
<p class="MsoNormal">Ipa-replica-manage connect –winsync<o:p></o:p></p>
<p class="MsoNormal">--binddn
cn=freeipa,cn=users,dc=prod,dc=example,dc=com<o:p></o:p></p>
<p class="MsoNormal">--bindpw mypassword<o:p></o:p></p>
<p class="MsoNormal">--passsync mypassword<o:p></o:p></p>
<p class="MsoNormal">--cacert
/etc/openldap/cacerts/winadcert.cer<o:p></o:p></p>
<p class="MsoNormal">oly-infra-ldap2.prod.example.com</p>
</div>
</blockquote>
<br>
You can use ldapsearch to test the connection with AD:<br>
<br>
LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-YOUR-DOMAIN ldapsearch -xLLL -H
<a class="moz-txt-link-freetext" href="ldap://oly-infra-ldap2.prod.example.com">ldap://oly-infra-ldap2.prod.example.com</a> -ZZ -D
"cn=freeipa,cn=users,dc=prod,dc=example,dc=com" -w mypassword<o:p>
-s base -b "" 'objectclass=*' namingcontexts<br>
<br>
This assumes<br>
1) oly-infra-ldap2.prod.example.com is the correct FQDN of your AD
machine<br>
2) cn=freeipa,cn=users,dc=prod,dc=example,dc=com is a valid AD
user in AD<br>
3) </o:p>mypassword is the correct password and doesn't need to
be quoted for the shell<br>
<br>
<blockquote
cite="mid:C0C9408742654B429ECD3D1FF11A118D16EB7AB78D@TNS-MAIL-NA1.win2k.corp.tnsi.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:"Colonna MT"">Sara
Kline<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:"Colonna MT"">System
Administrator<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:"Colonna MT"">Transaction
Network Services, Inc<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:"Colonna MT"">4501
Intelco Loop, Lacey WA 98503<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:"Colonna MT"">Wk:
(360) 493-6736<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:14.0pt;font-family:"Colonna MT"">Cell:
(360) 280-2495<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<hr>
<font color="Gray" face="Arial" size="1">This e-mail message is
for the sole use of the intended recipient(s)and may<br>
contain confidential and privileged information of Transaction
Network Services.<br>
Any unauthorised review, use, disclosure or distribution is
prohibited. If you<br>
are not the intended recipient, please contact the sender by
reply e-mail and destroy all copies of the original message.<br>
<br>
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>