[Fedora-directory-users] Windows Active Directory sync Help!

Rich Megginson rmeggins at redhat.com
Wed Jan 9 18:09:54 UTC 2008


kiran madala wrote:
> I am using Fedora 1.1 on Fedora 6 x86 machine. When I fill in the entries and click next a message pops up saying "Unable to connet to Active Directory server, continue?". Also in the domain controller host field can I specify the IP address of the machine?
>
> The error log for DS server is below. The IP is the Windows XP machine on which I am running the remote DS console.
>
> [Wed Jan 09 09:15:08 2008] [notice] [client 192.168.8.241] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.8.241
> <snip>
>   
Actually, this is the error log for the admin server.  The error log for 
the directory server is in /var/log/dirsrv/slapd-INSTANCE where instance 
is your instance name.

The console might be failing to connect to AD because the console has a 
separate key/cert db under ~/.fedora-idm-console (in 1.1).  You may need 
to add the CA cert in this directory too:

certutil -A -d ~/.fedora-idm-console -n "CA certificate" -t "CT,," -a -i /path/to/cacert.asc

> ----------------------------------------
>   
>> Date: Wed, 9 Jan 2008 10:52:05 -0700
>> From: rmeggins at redhat.com
>> To: fedora-directory-users at redhat.com
>> Subject: Re: [Fedora-directory-users] Windows Active Directory sync Help!
>>
>> kiran madala wrote:
>>     
>>> As far as I understand by reading the docs again, the user specified in the Sync agreement and Bind DN should be the same and exist on Active Directory with Domain Admin privileges. But I have other issues now.
>>>
>>> The DS server is unable to connect to my AD.
>>>       
>> What error messages are you getting?  Check the error log.
>>
>> You can also try using ldapsearch.  Are you using Fedora DS 1.1 or 
>> 1.0.4?  What OS?
>>     
>>> I enabled SSL by copying the same root certificate into AD and also generating a server certificate and opened up ports in firewall. Am I missing something like allowing client Authentication on the AD machine?
>>>   
>>>       
>> You don't need to use cert based client auth.  You can use regular 
>> username/password auth over TLS/SSL.
>>     
>>> My current certificates are as follows.
>>>
>>> DS has its own server certificate
>>> AD has its own server certificate
>>> ALL 3 servers AS, DS and AD have the same CA root certificate
>>>
>>>
>>>
>>> ----------------------------------------
>>>   
>>>       
>>>> From: kirankmadala at hotmail.com
>>>> To: fedora-directory-users at redhat.com
>>>> Date: Wed, 9 Jan 2008 10:35:00 -0400
>>>> Subject: [Fedora-directory-users] Windows Active Directory sync Help!
>>>>
>>>>
>>>> Hello,
>>>>
>>>> I am trying to sync the DS with AD. Since I am new to AD and DS I have a few questions.
>>>>
>>>> I want to synchronize only users and groups, so is it necessary to enable SSL on Active Directory and connect to Active Directory through SSL?
>>>>
>>>> In the replica settings the supplier DN user needs to be on both AD and DS and should be a Domain admin of the AD?
>>>>
>>>> When trying to synchronize with AD the bind DN (in screen shot) user should be in both AD and DS?
>>>>
>>>>
>>>> I have attached the screen shot of my final DS agreement window. I believe currently it is defined to synchronize users; what changes do I need to make it synchronize groups as well?
>>>>
>>>> Thanks in advance
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>   
>>>       
>
>   
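
Added example (not part of the original thread and not Fedora DS's own tooling): a check that the CA certificate imported with the certutil -A command in the reply above is present in the console's cert db and trusted for SSL. It parses "certutil -L" listing output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `certutil -L -d ~/.fedora-idm-console` output.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CT,,
Server-Cert                                                  u,u,u
Old Root                                                     ,,
'

# ssl_trust_flags NICKNAME (hypothetical helper): read a certutil -L listing
# on stdin and print the SSL trust field (first of the three comma-separated
# fields) for NICKNAME. Exits 1 if the nickname is not listed.
ssl_trust_flags() {
    awk -v nick="$1" '
        {
            flags = $NF
            # Skip header and blank lines: a trust column looks like "CT,,".
            if (flags !~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/) next
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            if (name == nick) { split(flags, f, ","); print f[1]; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# trusts_ssl_servers NICKNAME (hypothetical helper): status 0 if the entry has
# the C flag (trusted CA for issuing server certs) in the SSL field, as set by
# -t "CT,,"; 1 if present without it; 2 if the nickname is missing.
trusts_ssl_servers() {
    flags=$(ssl_trust_flags "$1") || return 2
    case $flags in
        *C*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo over the constructed listing.
for nick in "CA certificate" "Server-Cert" "Missing CA"; do
    rc=0
    printf '%s' "$SAMPLE_LISTING" | trusts_ssl_servers "$nick" || rc=$?
    echo "$nick: status $rc"
done
```

Against a live db, pipe the real listing in: certutil -L -d ~/.fedora-idm-console | trusts_ssl_servers "CA certificate". A status of 2 means the import in the reply above has not been done for the console's db.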
