Thanks for your response.
My environment is:
OS: Centos 6.7 - kernel 2.6.32-537.3.1
NSS package: nss-3.19.1-3
IPA version: 3.0.0-47
389-ds-base version: 220.127.116.11-60
On Tue, Feb 16, 2016 at 12:06 PM, Alexander Bokovoy <aboko...@redhat.com>
> On Tue, 16 Feb 2016, Mitra Dehghan wrote:
>> I want to Sync IPA and Active directory servers:
>> 1- I'm using an external root CA server which uses key size of 4096
>> 2- Both IPA and Active directory, use the same CA server as external root
>> 3- Using default configuration,the handshake process for establishing SSL
>> connection between servers(IPA and active directory) is failed during
>> certificate-base authentication. As a result password Sync. fails after
>> user synchronization is done.
>> I guess the problem is key size and I was wondering if any special changes
>> are required in the CA instance configured by IPA or if the job is
>> at all.
>> Note: Things goes well when I use internal CA servers both for active
>> directory and IPA server.
> Can you give a bit more details about your environment? We fixed a bug
> in NSS some time ago related to this issue.
> What is your distribution? nss package version? IPA version? 389-ds-base
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project