[Freeipa-users] AD - Freeipa trust confusion
Andrew Holway
andrew.holway at gmail.com
Thu Jan 2 12:38:34 UTC 2014
I have gotten a little further along with this but am having problems
connecting to the AD LDAP.
[root at ipa.wibble.com cacerts]# ipa-replica-manage connect --winsync
--binddn cn=administrator,cn=users,dc=prattle,dc=com --bindpw
X9deiX9dei --passsync X9deiX9dei --cacert
/etc/openldap/cacerts/prattle.crt win-5uglhak7rin.prattle.com. -vvv
Directory Manager password:
Added CA certificate /etc/openldap/cacerts/prattle.crt to certificate
database for ipa.wibble.com
ipa: INFO: Failed to connect to AD server win-5uglhak7rin.prattle.com.
ipa: INFO: The error was: {'info': '00000000: LdapErr: DSID-0C090E17,
comment: Error initializing SSL/TLS, data 0, v1db1', 'desc': 'Server
is unavailable'}
Failed to setup winsync replication
On 1 January 2014 22:27, Andrew Holway <andrew.holway at gmail.com> wrote:
> Hello,
>
> I am attempting to set up trust between my test freeipa server at
> ipa.wibble.com. and my test AD server at win-5uglhak7rin.prattle.com.
>
> In the GUI I can see the following in "Trusts » prattle.com".
>
> Realm name: prattle.com
> Domain NetBIOS name: PRATTLE
> Domain Security Identifier: S-1-5-21-2812083513-4116408788-3699662436
> Trust direction: Two-way trust
> Trust type: Active Directory domain
>
> However I can't see any of the AD users that I have created, nor can I
> log on to any of the systems under my freeipa realm.
>
> Jan 1 20:50:30 host002 sshd[9959]: Failed password for invalid user
> bob from 10.51.120.1 port 55101 ssh2
>
> I haven't actually done anything to AD to facilitate this trust. It's
> not particularly clear what should be done.
>
> Many thanks,
>
> Andrew