laurent2.perrin--- via FreeIPA-users wrote:
> Hi,
>
> I'm trying to set up a FreeIPA and Active Directory synchronisation
> following the Red Hat documentation
> (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/Setting_up_Active_Directory.html#ad-user-acct).
>
> The ipa-replica-manage command returns a success but no users are
> imported in FreeIPA:
> 
> ipa-replica-manage connect --winsync
> --binddn='cn=ipasync,cn=Users,dc=ipa,dc=local'  --bindpw='####'
> --passsync #### --cacert ipa-a-v
> 
> Directory Manager password:
>
> Added CA certificate ipa-ad.cloud.620nm.net.cer to certificate database
> for ipa.cloud.620nm.net
> 
> ipa: INFO: AD Suffix is: DC=ipa,DC=local
> 
> The user for the Windows PassSync service is
> uid=passsync,cn=sysaccounts,cn=etc,dc=ipa,dc=cloud,dc=620nm,dc=net
> 
> Windows PassSync system account exists, not resetting password
> 
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> 
> ipa: INFO: Replication Update in progress: FALSE: status: Error (0)
> Replica acquired successfully: Incremental update started: start: 0: end: 0
> 
> ipa: INFO: Agreement is ready, starting replication . . .
> 
> Starting replication, please wait until this has completed.
> 
> Update in progress, 2 seconds elapsed
> 
> Update succeeded
>
> The ipasync user has been created with the rights as described in the
> documentation.
>
> In the FreeIPA logs, I didn't find any error message that could explain
> that users are not imported.
> 

Are your AD users under DC=ipa,DC=local?

Have you considered using AD trust instead of sync?

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
