Hi,

My Windows person suggests that because this is a self-signed cert, the client needs to be forced to trust it....?

regards

Steven

________________________________________
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 2:50 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] AD setup failure

Steven Jones wrote:
> Got a bit further.......I was missing "--passsync"

I think you were using the V1 documentation. The "Enterprise Identity Management Guide" is what you want off freeipa.org in the Documentation section.

>
> [root@fed14-64-ipam001 samba]# ipa-replica-manage connect --winsync --binddn
> cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \--bindpw Qsmith51B --cacert
> /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
> ipa: ERROR: The arguments --binddn, --bindpw, --passsync and --cacert are
> required to create a winsync agreement
> [root@fed14-64-ipam001 samba]# ipa-replica-manage connect --winsync --binddn
> cn=administrator,cn=users,dc=ipa,dc-ac,dc=nz \--bindpw Qsmith51B --passsync
> Qsmith51B --cacert /home/jonesst1/domaincert.cer dc0001.ipa.ac.nz -v
> Added CA certificate /home/jonesst1/domaincert.cer to certificate database
> for fed14-64-ipam001.ipa.ac.nz
> ipa: INFO: Failed to connect to AD server dc0001.ipa.ac.nz
> ipa: INFO: The error was: {'info': 'TLS error -8179:Unknown code ___f 13',
> 'desc': 'Connect error'}
> unexpected error: Failed to setup winsync replication
> [root@fed14-64-ipam001 samba]# host dc0001.ipa.ac.nz
> dc0001.ipa.ac.nz has address 192.168.101.2
> [root@fed14-64-ipam001 samba]#
>
> But still isn't working.........

I think you have the wrong AD cert. -8179 translates to "Certificate is signed by an unknown issuer". Can you verify that you have the AD CA certificate?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
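
One way to run the check Rob asks for, as an added example that is not part of the thread or of FreeIPA: confirm that the file passed to --cacert is a CA certificate and that it is the issuer of the certificate the AD server presents. The function names and the demo certificates are constructed for illustration; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Function and file names are hypothetical.

# Print a certificate as PEM whether the file is PEM or DER
# (a Windows .cer export can be either).
cert_to_pem() {
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# Succeed if the certificate is marked as a CA (basicConstraints CA:TRUE).
is_ca() {
    cert_to_pem "$1" | openssl x509 -noout -text | grep -q 'CA:TRUE'
}

# Succeed if SERVER_CERT ($2) verifies with CA_CERT ($1) supplied as trust anchor.
issued_by() {
    work=$(mktemp -d) || return 2
    cert_to_pem "$1" > "$work/ca.pem"
    cert_to_pem "$2" > "$work/srv.pem"
    openssl verify -CAfile "$work/ca.pem" "$work/srv.pem" >/dev/null 2>&1
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Build a constructed CA (also saved as DER .cer) and a server cert it signs.
make_demo_certs() {
    out=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$out/demo.cnf"
    openssl req -x509 -config "$out/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Demo CA' -keyout "$out/ca.key" -out "$out/ca.pem" 2>/dev/null
    openssl req -new -config "$out/demo.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=dc.demo.invalid' -keyout "$out/srv.key" -out "$out/srv.csr" 2>/dev/null
    openssl x509 -req -in "$out/srv.csr" -CA "$out/ca.pem" -CAkey "$out/ca.key" \
        -CAcreateserial -days 1 -out "$out/srv.pem" 2>/dev/null
    openssl x509 -in "$out/ca.pem" -outform DER -out "$out/ca.cer"
}

# Demo on constructed certificates: the right file and the wrong file for --cacert.
demo=$(mktemp -d) && make_demo_certs "$demo"
is_ca "$demo/ca.cer" && echo "ca.cer: CA certificate"
is_ca "$demo/srv.pem" || echo "srv.pem: not a CA certificate"
issued_by "$demo/ca.cer" "$demo/srv.pem" && echo "srv.pem chains to ca.cer"
issued_by "$demo/srv.pem" "$demo/srv.pem" || echo "srv.pem used as CA: unknown issuer"
rm -rf "$demo"
```

Against a real deployment, the second argument to issued_by would be a saved copy of the certificate the AD server presents, and the first the file intended for --cacert.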