I do have the AD SSL cert installed, but from how I read it, I need to
install the cert from the FreeIPA DS into Windows AD certificate store.

On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmegg...@redhat.com> wrote:

> **
> On 11/11/2011 01:11 PM, Jimmy wrote:
> I am trying to get FreeIPA synchronizing with AD. The instructions I have
> found on the web go through setting up SSL for passsync, but they all
> reference installing the CA cert from the Directory Server without
> specifying how to go about getting the DS CA cert. I found a couple links
> on how to export the CA cert but they didn't work as described.
>  (step 'f' in this link)
> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
> Step f isn't necessary.  And it is usually not necessary to manually setup
> AD for SSL.  If you install the Microsoft Cert System in Enterprise Root CA
> mode, it will usually create and install the AD SSL cert automatically.
> This link
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Serviceexplains
>  a bit more about how to set up PassSync to use SSL to talk to IPA
> (i.e. how and where to install the IPA CA cert for use by PassSync).  Note
> that AD itself doesn't talk to IPA - it's only the PassSync "AD plugin"
> that talks to IPA, and only for the purpose of sending the clear text
> password changes from AD to IPA.
> _______________________________________________
> Freeipa-users mailing 
> listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
Freeipa-users mailing list

Reply via email to