My Windows person suggests that because this is a self-signed cert, the client 
needs to be forced to trust it....?


From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 2:50 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup failure

Steven Jones wrote:
> Got a bit further.......I was missing   "--passsync"

I think you were using the V1 documentation. The "Enterprise Identity
Management Guide" is what you want off freeipa.org in the Documentation

> [root@fed14-64-ipam001 samba]# ipa-replica-manage connect --winsync --binddn 
> cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \--bindpw Qsmith51B --cacert 
> /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
> ipa: ERROR: The arguments --binddn, --bindpw, --passsync and --cacert are 
> required to create a winsync agreement
> [root@fed14-64-ipam001 samba]# ipa-replica-manage connect --winsync --binddn 
> cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \--bindpw Qsmith51B --passsync 
> Qsmith51B --cacert /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
> Added CA certificate /home/jonesst1/domaincert.cer to certificate database 
> for fed14-64-ipam001.ipa.ac.nz
> ipa: INFO: Failed to connect to AD server dc0001.ipa.ac.nz
> ipa: INFO: The error was: {'info': 'TLS error -8179:Unknown code ___f 13', 
> 'desc': 'Connect error'}
> unexpected error: Failed to setup winsync replication
> [root@fed14-64-ipam001 samba]# host dc0001.ipa.ac.nz
> dc0001.ipa.ac.nz has address
> [root@fed14-64-ipam001 samba]#
> But still isn't working.........

I think you have the wrong AD cert. -8179 translates to "Certificate is
signed by an unknown issuer". Can you verify that you have the AD CA
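
The "unknown issuer" condition described above can be reproduced and checked offline with OpenSSL. This is an added example, not part of the original thread; the certificates, subject names and helper functions (`chains_to`, `describe`, `make_demo_certs`) are constructed for the demonstration.

```bash
# Added example: every certificate and name here is constructed for the demo.

# Return 0 only if leaf_cert chains to ca_file when ca_file is the trust anchor.
chains_to() {  # usage: chains_to ca_file leaf_cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print subject and issuer; identical values mean the file is self-signed.
describe() {  # usage: describe cert_file
    openssl x509 -in "$1" -noout -subject -issuer
}

# Build a CA, a server cert issued by it, and an unrelated self-signed cert.
make_demo_certs() {  # usage: make_demo_certs output_dir
    local d=$1
    cat >"$d/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/cfg" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -subj "/CN=Constructed AD CA" \
        -days 1 2>/dev/null
    openssl req -new -config "$d/cfg" -newkey rsa:2048 -nodes \
        -keyout "$d/dc.key" -out "$d/dc.csr" -subj "/CN=dc.example.test" 2>/dev/null
    openssl x509 -req -in "$d/dc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/dc.pem" -days 1 2>/dev/null
    openssl req -x509 -config "$d/cfg" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$d/other.key" -out "$d/other.pem" -subj "/CN=Unrelated self-signed" \
        -days 1 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
describe "$demo_dir/dc.pem"      # issuer should name the CA, not the server itself
chains_to "$demo_dir/ca.pem" "$demo_dir/dc.pem" && echo "ca.pem: issuer of dc.pem"
chains_to "$demo_dir/other.pem" "$demo_dir/dc.pem" || echo "other.pem: unknown issuer"
```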

