I have gotten a little further along with this but am having problems connecting to the AD LDAP.

[r...@ipa.wibble.com cacerts]# ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=prattle,dc=com --bindpw X9deiX9dei --passsync X9deiX9dei --cacert /etc/openldap/cacerts/prattle.crt win-5uglhak7rin.prattle.com. -vvv
Directory Manager password:
Added CA certificate /etc/openldap/cacerts/prattle.crt to certificate database for ipa.wibble.com
ipa: INFO: Failed to connect to AD server win-5uglhak7rin.prattle.com.
ipa: INFO: The error was: {'info': '00000000: LdapErr: DSID-0C090E17, comment: Error initializing SSL/TLS, data 0, v1db1', 'desc': 'Server is unavailable'}
Failed to setup winsync replication

On 1 January 2014 22:27, Andrew Holway <andrew.hol...@gmail.com> wrote:
> Hello,
>
> I am attempting to set up trust between my test freeipa server at
> ipa.wibble.com. and my test AD server at win-5uglhak7rin.prattle.com.
>
> In the GUI I can see the following in "Trusts » prattle.com".
>
> Realm name: prattle.com
> Domain NetBIOS name: PRATTLE
> Domain Security Identifier: S-1-5-21-2812083513-4116408788-3699662436
> Trust direction: Two-way trust
> Trust type: Active Directory domain
>
> However I can't see any of the AD users that I have created nor can I
> log on to any of the systems under my freeipa realm.
>
> Jan 1 20:50:30 host002 sshd[9959]: Failed password for invalid user bob from 10.51.120.1 port 55101 ssh2
>
> I haven't actually done anything to AD to facilitate this trust. It's
> not particularly clear what should be done.
>
> Many thanks,
>
> Andrew

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users