[Freeipa-users] synchronizing with AD

Rich Megginson rmeggins at redhat.com
Fri Nov 11 21:31:30 UTC 2011


On 11/11/2011 02:23 PM, Jimmy wrote:
> I do have the AD SSL cert installed, but from how I read it, I need to 
> install the cert from the FreeIPA DS into Windows AD certificate store.

Perhaps for something else, but for Windows Sync/PassSync, you do not
need to install the cert from the FreeIPA DS into Windows AD certificate
store.

>
> On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmeggins at redhat.com>
> wrote:
>
>     On 11/11/2011 01:11 PM, Jimmy wrote:
>>     I am trying to get FreeIPA synchronizing with AD. The
>>     instructions I have found on the web go through setting up SSL
>>     for passsync, but they all reference installing the CA cert from
>>     the Directory Server without specifying how to go about getting
>>     the DS CA cert. I found a couple links on how to export the CA
>>     cert but they didn't work as described.
>>
>>     (step 'f' in this link)
>>     https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
>     Step f isn't necessary.  And it is usually not necessary to
>     manually set up AD for SSL.  If you install the Microsoft Cert
>     System in Enterprise Root CA mode, it will usually create and
>     install the AD SSL cert automatically.
>
>     This link
>     http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
>     explains a bit more about how to set up PassSync to use SSL to
>     talk to IPA (i.e. how and where to install the IPA CA cert for use
>     by PassSync).  Note that AD itself doesn't talk to IPA - it's only
>     the PassSync "AD plugin" that talks to IPA, and only for the
>     purpose of sending the clear text password changes from AD to IPA.
