On 11/11/2011 02:23 PM, Jimmy wrote:
I do have the AD SSL cert installed, but from how I read it, I need to install the cert from the FreeIPA DS into Windows AD certificate store.
Perhaps for something else, but for windows sync/passsync, you do not need to install the cert from the FreeIPA DS into Windows AD certificate store.


On Fri, Nov 11, 2011 at 3:33 PM, Rich Megginson <rmegg...@redhat.com <mailto:rmegg...@redhat.com>> wrote:

    On 11/11/2011 01:11 PM, Jimmy wrote:
    I am trying to get FreeIPA synchronizing with AD. The
    instructions I have found on the web go through setting up SSL
    for passsync, but they all reference installing the CA cert from
    the Directory Server without specifying how to go about getting
    the DS CA cert. I found a couple links on how to export the CA
    cert but they didn't work as described.

    (step 'f' in this link)
    
https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_Active_Directory.html#
    Step f isn't necessary.  And it is usually not necessary to
    manually setup AD for SSL.  If you install the Microsoft Cert
    System in Enterprise Root CA mode, it will usually create and
    install the AD SSL cert automatically.

    This link
    
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Install_the_Password_Sync_Service
    explains a bit more about how to set up PassSync to use SSL to
    talk to IPA (i.e. how and where to install the IPA CA cert for use
    by PassSync).  Note that AD itself doesn't talk to IPA - it's only
    the PassSync "AD plugin" that talks to IPA, and only for the
    purpose of sending the clear text password changes from AD to IPA.


    _______________________________________________
    Freeipa-users mailing list
    Freeipa-users@redhat.com  <mailto:Freeipa-users@redhat.com>
    https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to