On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote:
> On 10/23/2012 07:50 AM, George Machitidze wrote:
> > Hi
> >
> > I'm testing MS AD integration, following document contents
> > http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html
> >
> > For 8.4.2. (Creating Synchronization Agreements) we've got "--passsync
> > secretpwd", but nowhere's said if user has to be created on MS AD
> > side, or if any package has to be installed.
> It is implied that this is the password of the administrative user that
> you already have on the AD side.

Nope, the password provided with that switch is used to create a special
sysaccount user named 'passsync' in IPA.
the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix

This user is used by the Windows Passsync plugin installed on AD domain
controllers. So this password is what you need to use when configuring
the Passync plugin together with the above dn template.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to