I do have the AD SSL cert installed, but from how I read it, I need to install the cert from the FreeIPA DS into Windows AD certificate store.
On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmegg...@redhat.com> wrote: > ** > On 11/11/2011 01:11 PM, Jimmy wrote: > > I am trying to get FreeIPA synchronizing with AD. The instructions I have > found on the web go through setting up SSL for passsync, but they all > reference installing the CA cert from the Directory Server without > specifying how to go about getting the DS CA cert. I found a couple links > on how to export the CA cert but they didn't work as described. > > (step 'f' in this link) > > https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html# > > Step f isn't necessary. And it is usually not necessary to manually setup > AD for SSL. If you install the Microsoft Cert System in Enterprise Root CA > mode, it will usually create and install the AD SSL cert automatically. > > This link > http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Serviceexplains > a bit more about how to set up PassSync to use SSL to talk to IPA > (i.e. how and where to install the IPA CA cert for use by PassSync). Note > that AD itself doesn't talk to IPA - it's only the PassSync "AD plugin" > that talks to IPA, and only for the purpose of sending the clear text > password changes from AD to IPA. > > > _______________________________________________ > Freeipa-users mailing > listFreeipafirstname.lastname@example.org://www.redhat.com/mailman/listinfo/freeipa-users > > >
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users