Thanks for your response.

My environment is:
OS: Centos 6.7 - kernel 2.6.32-537.3.1
NSS package: nss-3.19.1-3
IPA version:  3.0.0-47
389-ds-base version: 1.2.11.15-60

On Tue, Feb 16, 2016 at 12:06 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On Tue, 16 Feb 2016, Mitra Dehghan wrote:
>
>> Hello,
>> I want to Sync IPA and Active directory servers:
>> 1- I'm using an external root CA server which uses key size of 4096
>> 2- Both IPA and Active directory, use the same CA server as external root
>> CA.
>> 3- Using default configuration,the handshake process for establishing SSL
>> connection between servers(IPA and active directory) is failed during
>> certificate-base authentication. As a result password Sync. fails after
>> user synchronization is done.
>>
>> I guess the problem is key size and I was wondering if any special changes
>> are required in the CA instance configured by IPA or if the job is
>> possible
>> at all.
>>
>> Note: Things goes well when I use internal CA servers both for active
>> directory and IPA server.
>>
> Can you give a bit more details about your environment? We fixed a bug
> in NSS some time ago related to this issue.
> https://rhn.redhat.com/errata/RHBA-2015-2121.html
>
> What is your distribution? nss package version? IPA version? 389-ds-base
> version?
>
> --
> / Alexander Bokovoy
>



-- 
m-dehghan
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to