On 02/10/2015 12:14 PM, Prady Dash wrote:

Hi,

Use Case :

We have a user group for VPN. In a DR case no one else would be able to use VPN, as AD is the SPOF. So what I am trying to achieve is to see if FreeIPA can help to hold the user data for this group, possibly temporarily, so that users could use VPN during an AD failure.

Is this possible ?


This would be possible but would require reconfiguration of the VPN in case of problems with AD. It would also require you to do a winsync of the user passwords to keep passwords in sync.

I am all for you using FreeIPA for this, but it seems like much more work for you than adding another AD instance or using Samba 4 as a secondary DC.

Regards,

/Prady

*From:*Dmitri Pal [mailto:d...@redhat.com]
*Sent:* 10 February 2015 17:09
*To:* Prady Dash; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] LDAP Connection error while Integrating AD with FreeIPA

On 02/10/2015 11:21 AM, Prady Dash wrote:

    Hi,

    I am using the below version :

    ipa-server-3.0.0-42.el6.x86_64

    What I want is to integrate AD with FreeIPA so that in case of AD
    failure FreeIPA should be able to handle the requests (might be
    temporary, such as cache or something like that).


This is not the use case that would be easy to make work.
So are you planning to configure SSSD on clients to use AD and IPA domains in parallel?


    Regards,

    /Prady

    *From:*freeipa-users-boun...@redhat.com
    <mailto:freeipa-users-boun...@redhat.com>
    [mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal
    *Sent:* 10 February 2015 16:07
    *To:* freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>
    *Subject:* Re: [Freeipa-users] LDAP Connection error while
    Integrating AD with FreeIPA

    On 02/10/2015 10:59 AM, Prady Dash wrote:

        Hi,

        I am trying to integrate AD with FreeIPA.  I was following the
        below document.

        
        https://www.freeipa.org/images/2/2b/Installation_and_Deployment_Guide.pdf

        While configuring, I am facing the below error.

        [root@appserver2 ~]# ipa-replica-manage connect --winsync
        --binddn cn=Administrator,cn=users,dc=abc,dc=local --bindpw
        XXXXXXX --passsync XXXXXX  --passsync XXXXXXX --cacert
        /etc/openldap/certs/abc.cer ad.abc.local -v

        Directory Manager password:

        Added CA certificate /etc/openldap/certs/ abc.cer to
        certificate database for appserver2.qinec.com

        ipa: INFO: AD Suffix is: DC=abc,DC=local

        The user for the Windows PassSync service is
        uid=passsync,cn=sysaccounts,cn=etc,dc=xyz,dc=com

        Windows PassSync entry exists, not resetting password

        ipa: INFO: Added new sync agreement, waiting for it to become
        ready . . .

        ipa: INFO: Replication Update in progress: FALSE: status:
        -11  - LDAP error: Connect error: start: 0: end: 0

        ipa: INFO: Agreement is ready, starting replication . . .

        Starting replication, please wait until this has completed.

        [appserver2.abc.com] reports: Update failed! Status: [-11  -
        LDAP error: Connect error]

        Failed to start replication

        Please suggest.

        Regards,

        /Prady




    This is very old documentation.
    Please use the latest documentation on the Red Hat portal.
    What IPA version and platform are you using?
    Do you really want to sync users? Have you considered a trust? Are
    you aware of that option which is preferred now?



--
    Thank you,

    Dmitri Pal

    Sr. Engineering Manager IdM portfolio

    Red Hat, Inc.




