[Freeipa-users] AD setup failure

Rich Megginson rmeggins at redhat.com
Tue Mar 29 20:04:58 UTC 2011


On 03/29/2011 02:02 PM, Steven Jones wrote:
> Hi,
>
> My Windows person suggests that because this is a self-signed cert, the client needs to be forced to trust it...?
Can you paste the output of
openssl x509 -in /home/jonesst1/domaincert.cer -text
?
> regards
>
> Steven
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Wednesday, 30 March 2011 2:50 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] AD setup failure
>
> Steven Jones wrote:
>> Got a bit further... I was missing "--passsync"
> I think you were using the V1 documentation. The "Enterprise Identity
> Management Guide" is what you want off freeipa.org in the Documentation
> section.
>
>> [root at fed14-64-ipam001 samba]# ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \--bindpw Qsmith51B --cacert /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
>> ipa: ERROR: The arguments --binddn, --bindpw, --passsync and --cacert are required to create a winsync agreement
>> [root at fed14-64-ipam001 samba]# ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \--bindpw Qsmith51B --passsync Qsmith51B --cacert /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
>> Added CA certificate /home/jonesst1/domaincert.cer to certificate database for fed14-64-ipam001.ipa.ac.nz
>> ipa: INFO: Failed to connect to AD server dc0001.ipa.ac.nz
>> ipa: INFO: The error was: {'info': 'TLS error -8179:Unknown code ___f 13', 'desc': 'Connect error'}
>> unexpected error: Failed to setup winsync replication
>> [root at fed14-64-ipam001 samba]# host dc0001.ipa.ac.nz
>> dc0001.ipa.ac.nz has address 192.168.101.2
>> [root at fed14-64-ipam001 samba]#
>>
>> But still isn't working...
> I think you have the wrong AD cert. -8179 translates to "Certificate is
> signed by an unknown issuer". Can you verify that you have the AD CA
> certificate?
>
> rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
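
Added example, not part of the original thread: a shell check for the question raised above, whether the file passed as --cacert is actually the CA that issued the server's certificate. The function names are hypothetical, and it assumes the server certificate has been saved to a second file.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Checks whether a candidate file can act as the --cacert trust anchor
# for a server certificate saved to a second file.

# Emit the certificate as PEM whether the input is PEM or DER
# (Windows .cer exports are often DER).
to_pem() {
    openssl x509 -in "$1" -inform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER 2>/dev/null
}

# Succeeds if the certificate carries basicConstraints CA:TRUE.
is_ca() {
    to_pem "$1" | openssl x509 -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeeds if candidate CA $1 validates server certificate $2.
anchors() {
    tmp=$(mktemp -d) || return 2
    if to_pem "$1" > "$tmp/ca.pem" && to_pem "$2" > "$tmp/srv.pem"; then
        # Match on ": OK" rather than trusting the exit status alone.
        openssl verify -CAfile "$tmp/ca.pem" "$tmp/srv.pem" 2>/dev/null |
            grep -q ': OK$'
        rc=$?
    else
        rc=2
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Print one word: anchors | anchors-not-ca | unknown-issuer | unreadable
cacert_verdict() {
    to_pem "$1" >/dev/null || { echo unreadable; return; }
    to_pem "$2" >/dev/null || { echo unreadable; return; }
    if anchors "$1" "$2"; then
        if is_ca "$1"; then echo anchors; else echo anchors-not-ca; fi
    else
        echo unknown-issuer
    fi
}

# Print the fields to read first in "openssl x509 -text" output.
describe() {
    to_pem "$1" | openssl x509 -noout -subject -issuer -dates
}
```

A verdict of `unknown-issuer` from `cacert_verdict CANDIDATE SERVERCERT` means the candidate did not sign the server certificate, which is the condition the "signed by an unknown issuer" error describes.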



