On 11/11/2011 02:23 PM, Jimmy wrote:
I do have the AD SSL cert installed, but from how I read it, I need to
install the cert from the FreeIPA DS into Windows AD certificate store.
Perhaps for something else, but for windows sync/passsync, you do not
need to install the cert from the FreeIPA DS into Windows AD certificate
store.
On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> wrote:
On 11/11/2011 01:11 PM, Jimmy wrote:
I am trying to get FreeIPA synchronizing with AD. The
instructions I have found on the web go through setting up SSL
for passsync, but they all reference installing the CA cert from
the Directory Server without specifying how to go about getting
the DS CA cert. I found a couple links on how to export the CA
cert but they didn't work as described.
(step 'f' in this link)
https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
Step f isn't necessary. And it is usually not necessary to
manually setup AD for SSL. If you install the Microsoft Cert
System in Enterprise Root CA mode, it will usually create and
install the AD SSL cert automatically.
This link
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
explains a bit more about how to set up PassSync to use SSL to
talk to IPA (i.e. how and where to install the IPA CA cert for use
by PassSync). Note that AD itself doesn't talk to IPA - it's only
the PassSync "AD plugin" that talks to IPA, and only for the
purpose of sending the clear text password changes from AD to IPA.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
