[Freeipa-users] IPA+AD sync error

Shan Kumaraswamy shan.sysadm at gmail.com
Mon Aug 16 13:41:31 UTC 2010
Hi,

I have deployed FreeIPA 1.2.1 on RHEL 5.5 and I want to sync it with Active
Directory (Windows 2008 R2). Can anyone please share a step-by-step
configuration doc with me? Previously I have done the same exercise,
but now it is not working for me and I am facing a lot of challenges to make
this happen.

Please find the steps of exactly what I have done so far:

1. Installed RHDS 8.1 and FreeIPA 1.2.1, configured them properly and
tested that they are working fine.

2. On the AD side, installed Active Directory Certificate Server as an
Enterprise Root.

3. Copied the "cacert.p12" file and imported it under Certificates - Service
(Active Directory Domain Service) on Local Computer using MMC.

4. Installed the PassSync.msi file and entered all the required information.

5. Ran the command "certutil -d . -L -n "CA certificate" -a > dsca.crt" on
the IPA server, copied the .crt file to the AD server, and ran the following
commands from "C:\Program Files\Red Hat Directory Password Synchronization":

6. certutil.exe -d . -N

7. certutil.exe -d . -A -n "DS CA cert" -t CT,, -a -i \path\to\dsca.crt

8. certutil.exe -d . -L -n "DS CA cert", then rebooted the AD server.

After these steps, when I try to create a sync agreement from the IPA server
I am getting this error:

ldap_simple_bind: Can't contact LDAP server
        SSL error -8179 (Peer's Certificate issuer is not recognized.)

Please share the steps to configure AD Sync with IPA server.

-- 
Thanks & Regards
Shan Kumaraswamy
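An added diagnostic for the error above (not part of the original post and not FreeIPA or RHDS code): SSL error -8179 is raised by the side that opens the connection, here the IPA/DS server binding to AD over LDAPS, when it does not trust the issuer of the peer's certificate, so AD's CA certificate must be present in the DS instance's NSS database with the SSL trust flag "C" (e.g. "CT,,"), in addition to the DS CA being imported on the AD side. The helper below parses `certutil -d DBDIR -L` output and checks that trust flag; the DB path, the nickname "AD CA cert" and the sample listing are assumptions, not values from the poster's systems.

```shell
#!/bin/sh
# ca_trusted_for_ssl NICKNAME  <  output-of-"certutil -d DBDIR -L"
# Exit 0 if NICKNAME is listed with a "C" in the SSL trust column, else 1.
# The SSL column is the first comma-separated part of the trust attributes
# (SSL,S/MIME,JAR/XPI); "C" marks the cert as a trusted CA for SSL peers.
ca_trusted_for_ssl() {
    nick="$1"
    awk -v nick="$nick" '
        # skip the two header lines and blank lines
        /^Certificate Nickname/ || /SSL,S\/MIME,JAR\/XPI/ || NF == 0 { next }
        {
            trust = $NF                          # e.g. "CT,," or "u,u,u"
            sub(/[ \t]+[^ \t]+[ \t]*$/, "")      # strip it; the rest is the nickname
            if ($0 == nick) {
                split(trust, f, ",")             # f[1] = SSL trust flags
                if (f[1] ~ /C/) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample listing (not real output from the poster's server).
SAMPLE_LISTING='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
AD CA cert                                                   CT,,
DS CA cert                                                   ,,'

# Usage against a live DS instance (hypothetical DB path and nickname):
#   certutil -d /etc/dirsrv/slapd-EXAMPLE-COM -L | ca_trusted_for_ssl "AD CA cert" \
#     || echo "AD CA not trusted for SSL: import it with" \
#             "certutil -d /etc/dirsrv/slapd-EXAMPLE-COM -A -n 'AD CA cert' -t CT,, -a -i ad-ca.pem"
```

With the sample listing, "AD CA cert" passes while "DS CA cert" (no trust flags) and "Server-Cert" (user cert, flags u,u,u) do not.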