ok. I started from scratch this week on this and I think I've got the right doc and understand better where this is going. My problem now is that when configuring SSL on the AD server (step c in this url: http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Install_and_Configure_the_Password_Sync_Service ) I get this error:
certreq -submit request.req certnew.cer Active Directory Enrollment Policy {25DDA1E7-3A99-4893-BA32-9955AC9EAC42} ldap: RequestId: 3 RequestId: "3" Certificate not issued (Denied) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute. The request contains no certificate template information. 0x80094801 (-2146875391) Certificate Request Processor: The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute. The RH doc says to use the browser if an error occurs and IIS is running but I'm not running IIS. I researched that error but didn't find anything that helps with FreeIPA and passsync. Jimmy On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson <rmegg...@redhat.com> wrote: > ** > On 01/11/2012 11:22 AM, Jimmy wrote: > > We need to be able to replicate user/pass between Windows 2008 AD and > FreeIPA. > > > That's what IPA Windows Sync is supposed to do. > > > I have followed many different documents and posted here about it and from > what I've read and procedures I've followed we are unable to accomplish > this. > > > What have you tried, and what problems have you run into? > > It doesn't need to be a full trust. > > Thanks > > On Tue, Jan 10, 2012 at 3:03 AM, Jan Zelený <jzel...@redhat.com> wrote: > >> > Just wondering if there was anyone listening on the list that might be >> > available for little work integrating FreeIPA with Active Directory >> > (preferrably in the south east US.) I hope this isn't against the list >> > rules, I just thought one of you guys could help or point me in the >> right >> > direction. >> >> If you want some help, it is certainly not against list rules ;-) But >> in that >> case, it would be much better if you asked what exactly do you need. >> >> I'm not an AD expert, but a couple tips: If you are looking for >> cross-domain >> (cross-realm) trust, then you might be a bit disappointed, it is still in >> development, so it probably won't be 100% functional at this moment. >> >> If you are looking for something else, could you be a little more >> specific what >> it is? >> >> I also recommend starting with reading some doc: >> http://freeipa.org/page/DocumentationPortal >> >> Thanks >> Jan >> > > > _______________________________________________ > Freeipa-users mailing > listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users > > >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users