On Thu, 13 Oct 2011, Rob Crittenden wrote:
> Added more detailed information on creating a winsync replica to the
> ipa-replica-manage man page.

> +Creating a Windows AD Synchronization agreement is similar to creating an 
> IPA replication agreement, there are just a couple of extra steps:
> +.TP
> +1. Transfer the base64\-encoded Windows AD CA Certficate to your IPA Server
> +.TP
> +2. Remove any existing kerberos credentials
> +  # kdestroy
> +.TP
> +3) Add the winsync replication agreement
> + # ipa\-replica\-manage connect \-\-winsync 
> \-\-passsync=<bindpwd_for_syncuser_that will_be_used_for_agreement> 
> \-\-cacert=/path/to/adscacert/WIN\-CA.cer \-\-binddn 
> "cn=administrator,cn=users,dc=ipa,dc=qe" \-\-bindpw 
> <ads_administrator_password> \-v <adserver.fqdn>
Could you please make DN similar to what is below? There will be 
confusion:

> +.TP
> +You will be prompted to supply the Directory Manager's password.
> +.TP
> +Create a winsync replication agreement:
> +
> + # ipa\-replica\-manage connect \-\-winsync \-\-passsync=MySecret
> +\-\-cacert=/root/WIN\-CA.cer \-\-binddn 
> "cn=administrator,cn=users,dc=ad,dc=example,dc=com"
> +\-\-bindpw MySecret \-v windows.ad.example.com
> +
> +.TP
> +Remove a winsync replication agreement:
> + # ipa\-replica\-manage disconnect windows.ad.example.com
>  .SH "EXIT STATUS"
>  0 if the command was successful


-- 
/ Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to