[Freeipa-users] consulting?

Jimmy g17jimmy at gmail.com
Thu Jan 19 21:59:53 UTC 2012 

ok. I started from scratch this week on this and I think I've got the right
doc and understand better where this is going. My problem now is that when
configuring SSL on the AD server (step c in this url:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Install_and_Configure_the_Password_Sync_Service
 )
I get this error:

certreq -submit request.req certnew.cer
Active Directory Enrollment Policy
  {25DDA1E7-3A99-4893-BA32-9955AC9EAC42}
  ldap:
RequestId: 3
RequestId: "3"
Certificate not issued (Denied) Denied by Policy Module  0x80094801, The
request does not contain a certificate template extension or the
CertificateTemplate request attribute.
 The request contains no certificate template information. 0x80094801
(-2146875391)
Certificate Request Processor: The request contains no certificate template
information. 0x80094801 (-2146875391)
 Denied by Policy Module  0x80094801, The request does not contain a
certificate template extension or the CertificateTemplate request attribute.

The RH doc says to use the browser if an error occurs and IIS is running
but I'm not running IIS. I researched that error but didn't find anything
that helps with FreeIPA and passsync.

Jimmy

On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> **
> On 01/11/2012 11:22 AM, Jimmy wrote:
>
> We need to be able to replicate user/pass between Windows 2008 AD and
> FreeIPA.
>
>
> That's what IPA Windows Sync is supposed to do.
>
>
> I have followed many different documents and posted here about it and from
> what I've read and procedures I've followed we are unable to accomplish
> this.
>
>
> What have you tried, and what problems have you run into?
>
> It doesn't need to be a full trust.
>
>  Thanks
>
> On Tue, Jan 10, 2012 at 3:03 AM, Jan Zelený <jzeleny at redhat.com> wrote:
>
>>  > Just wondering if there was anyone listening on the list that might be
>> > available for little work integrating FreeIPA with Active Directory
>> > (preferrably in the south east US.) I hope this isn't against the list
>> > rules, I just thought one of you guys could help or point me in the
>> right
>> > direction.
>>
>>  If you want some help, it is certainly not against list rules ;-) But
>> in that
>> case, it would be much better if you asked what exactly do you need.
>>
>> I'm not an AD expert, but a couple tips: If you are looking for
>> cross-domain
>> (cross-realm) trust, then you might be a bit disappointed, it is still in
>> development, so it probably won't be 100% functional at this moment.
>>
>> If you are looking for something else, could you be a little more
>> specific what
>> it is?
>>
>> I also recommend starting with reading some doc:
>> http://freeipa.org/page/DocumentationPortal
>>
>> Thanks
>> Jan
>>
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120119/e0f2ecb1/attachment.htm>

More information about the Freeipa-users mailing list