I am following the various Fedora guides for installing Freeipa with sync of users/passwords from AD server.
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/managing-sync-agmt.html Hoiwever the documentation says "Active Directory CA certificate needs to be imported into the FreeIPA database" my windows colleague at head office says: There is no CA in XXXXXX domain, so I can't provide any certificates to you from there. This seems to be a LDAPS connection, and it will work if we use certificate that is trusted by both of the servers. I can sign the server with our internal CA and provide this to you. or We can sign both servers with Vaisala CA, and use these certificates. To use this setup, I'll need a CSR from IPA Also, you have to download and install our root and intermediate CA's to IPA server, so it will trust certificates signed by those. Not being that familiar with certs and with FreeIPA I have got a bit stuck on what I should do in order to resolve this and get the FreeIPA up and syncronised to one of our AD servers, can anyone offer some suggestions please ? he has sent me the ROOT and Intermediate Certs for the domain server. Thanks Ian
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project