[Freeipa-users] Freeipa Synchronisation with AD server issues

ian.harper at vaisala.com
Thu Apr 21 13:09:05 UTC 2016


I am following the various Fedora guides for installing FreeIPA with sync of users/passwords from AD server.

https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-sync-agmt.html

However, the documentation says "Active Directory CA certificate needs to be imported into the FreeIPA database". My Windows colleague at head office says:

      There is no CA in XXXXXX domain, so I can't provide any certificates to you from there.
      This seems to be an LDAPS connection, and it will work if we use a certificate that is trusted by both of the servers.

      I can sign the server with our internal CA and provide this to you.
      or
      We can sign both servers with Vaisala CA, and use these certificates.
      To use this setup, I'll need a CSR from IPA

      Also, you have to download and install our root and intermediate CAs to IPA server, so it will trust certificates signed by those.

Not being that familiar with certs and with FreeIPA, I have got a bit stuck on what I should do in order to resolve this and get the FreeIPA up and synchronised to one of our AD servers. Can anyone offer some suggestions please? He has sent me the ROOT and Intermediate Certs for the domain server.

Thanks

Ian
