Ah, well that makes sense then! I couldn't understand why the freeipa.org doc (http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup) ends at cross realm trust -- plus everything was working fine at that point, but I thought the FC18 docs had further instructions for sync agreements --> it was ID10T error on my part! -- just blindly clicking "next"...
So I'm just going to "disconnect" and delete the agreement and certs..... Actually, I may just start from scratch. It was easy enough to do up until the point I mixed up the instructions.

Thanks very much for clearing up my misunderstanding / pointing out the obvious!!! And thanks for the link -- probably should watch that first.... LOL.

-J.

On Tue, Oct 15, 2013 at 4:01 PM, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
>
> ----- Original Message -----
>> From: "janice.psyop" <janice.ps...@gmail.com>
>> To: freeipa-users@redhat.com
>> Sent: Tuesday, October 15, 2013 6:51:42 PM
>> Subject: Re: [Freeipa-users] ipa sync agreement to AD DC is taking a very
>> long time
>>
>> Thanks for the replies.
>>
>> I checked this morning and it was still hung up on "Update in progess"
>> so I killed it.
>>
>> @Alexander: Yes, I had already established a trust with our AD DC. I
>> was doing step " 9.4.2. Creating Synchronization Agreements"
>> (FreeIPA_Guide/managing-sync-agmt.html) I've been following the
>> guide step-by-step.
> What I was trying to say is that you have misunderstood instructions and
> are doing wrong configuration that is not supported and never was meant to
> exist.
>
> AD trusts are configured with 'ipa-adtrust-install' tool and trust is
> established with 'ipa trust-add' command.
> We don't replicate any user and group related information from AD to IPA LDAP
> when using AD trusts.
>
> AD replication is a totally separate technique and should not be combined
> with AD trusts.
> This combination makes no sense, was not designed to be used together, and is
> not supported.
>
> Therefore, your attempt to add AD replication to already configured AD trusts
> is wrong.
> You need to choose what approach to take: either trusts or replication.
>
> Dmitri Pal presented AD integration options at DevConf.cz this year. His talk
> is recorded
> and available at youtube: http://www.youtube.com/watch?v=cS6EJ1L7fRI and
> slides are here:
> http://www.devconf.cz/slides/Linux-AD-Integration-Options.odp
>
> I'd recommend to watch this talk as it is most detailed explanation of
> various options
> how to integrate POSIX and AD environments.
> --
> / Alexander Bokovoy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users