[Freeipa-users] synchronizing with AD
Jimmy
g17jimmy at gmail.com
Fri Nov 11 21:23:25 UTC 2011
I do have the AD SSL cert installed, but from how I read it, I need to
install the cert from the FreeIPA DS into Windows AD certificate store.
On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> **
> On 11/11/2011 01:11 PM, Jimmy wrote:
>
> I am trying to get FreeIPA synchronizing with AD. The instructions I have
> found on the web go through setting up SSL for passsync, but they all
> reference installing the CA cert from the Directory Server without
> specifying how to go about getting the DS CA cert. I found a couple links
> on how to export the CA cert but they didn't work as described.
>
> (step 'f' in this link)
>
> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
>
> Step f isn't necessary. And it is usually not necessary to manually setup
> AD for SSL. If you install the Microsoft Cert System in Enterprise Root CA
> mode, it will usually create and install the AD SSL cert automatically.
>
> This link
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Serviceexplains a bit more about how to set up PassSync to use SSL to talk to IPA
> (i.e. how and where to install the IPA CA cert for use by PassSync). Note
> that AD itself doesn't talk to IPA - it's only the PassSync "AD plugin"
> that talks to IPA, and only for the purpose of sending the clear text
> password changes from AD to IPA.
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111111/2c574270/attachment.htm>
More information about the Freeipa-users
mailing list