On Thu, 13 Oct 2011, Rob Crittenden wrote: > Added more detailed information on creating a winsync replica to the > ipa-replica-manage man page.
> +Creating a Windows AD Synchronization agreement is similar to creating an > IPA replication agreement, there are just a couple of extra steps: > +.TP > +1. Transfer the base64\-encoded Windows AD CA Certficate to your IPA Server > +.TP > +2. Remove any existing kerberos credentials > + # kdestroy > +.TP > +3) Add the winsync replication agreement > + # ipa\-replica\-manage connect \-\-winsync > \-\-passsync=<bindpwd_for_syncuser_that will_be_used_for_agreement> > \-\-cacert=/path/to/adscacert/WIN\-CA.cer \-\-binddn > "cn=administrator,cn=users,dc=ipa,dc=qe" \-\-bindpw > <ads_administrator_password> \-v <adserver.fqdn> Could you please make DN similar to what is below? There will be confusion: > +.TP > +You will be prompted to supply the Directory Manager's password. > +.TP > +Create a winsync replication agreement: > + > + # ipa\-replica\-manage connect \-\-winsync \-\-passsync=MySecret > +\-\-cacert=/root/WIN\-CA.cer \-\-binddn > "cn=administrator,cn=users,dc=ad,dc=example,dc=com" > +\-\-bindpw MySecret \-v windows.ad.example.com > + > +.TP > +Remove a winsync replication agreement: > + # ipa\-replica\-manage disconnect windows.ad.example.com > .SH "EXIT STATUS" > 0 if the command was successful -- / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
