[Freeipa-users] synchronizing with AD
Rich Megginson
rmeggins at redhat.com
Fri Nov 11 21:31:30 UTC 2011
On 11/11/2011 02:23 PM, Jimmy wrote:
> I do have the AD SSL cert installed, but from how I read it, I need to
> install the cert from the FreeIPA DS into Windows AD certificate store.
Perhaps for something else, but for windows sync/passsync, you do not
need to install the cert from the FreeIPA DS into Windows AD certificate
store.
>
> On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 11/11/2011 01:11 PM, Jimmy wrote:
>> I am trying to get FreeIPA synchronizing with AD. The
>> instructions I have found on the web go through setting up SSL
>> for passsync, but they all reference installing the CA cert from
>> the Directory Server without specifying how to go about getting
>> the DS CA cert. I found a couple links on how to export the CA
>> cert but they didn't work as described.
>>
>> (step 'f' in this link)
>> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
> Step f isn't necessary. And it is usually not necessary to
> manually setup AD for SSL. If you install the Microsoft Cert
> System in Enterprise Root CA mode, it will usually create and
> install the AD SSL cert automatically.
>
> This link
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
> explains a bit more about how to set up PassSync to use SSL to
> talk to IPA (i.e. how and where to install the IPA CA cert for use
> by PassSync). Note that AD itself doesn't talk to IPA - it's only
> the PassSync "AD plugin" that talks to IPA, and only for the
> purpose of sending the clear text password changes from AD to IPA.
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111111/25d4c711/attachment.htm>
More information about the Freeipa-users
mailing list