Re: [Freeipa-users] Passsync details missing
On 10/23/2012 07:50 AM, George Machitidze wrote: Hi I'm testing MS AD integration, following document contents http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html For 8.4.2. (Creating Synchronization Agreements) we've got --passsync secretpwd, but nowhere's said if user has to be created on MS AD side, or if any package has to be installed. It is implied that this is the password of the administrative user that you already have on the AD side. How to continue? Best regards, George Machitidze ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Passsync details missing
On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote: On 10/23/2012 07:50 AM, George Machitidze wrote: Hi I'm testing MS AD integration, following document contents http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html For 8.4.2. (Creating Synchronization Agreements) we've got --passsync secretpwd, but nowhere's said if user has to be created on MS AD side, or if any package has to be installed. It is implied that this is the password of the administrative user that you already have on the AD side. Nope, the password provided with that switch is used to create a special sysaccount user named 'passsync' in IPA. the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix This user is used by the Windows Passsync plugin installed on AD domain controllers. So this password is what you need to use when configuring the Passync plugin together with the above dn template. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Passsync details missing
On Tue, 2012-10-23 at 13:13 -0400, Dmitri Pal wrote: On 10/23/2012 12:47 PM, Simo Sorce wrote: On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote: On 10/23/2012 07:50 AM, George Machitidze wrote: Hi I'm testing MS AD integration, following document contents http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html For 8.4.2. (Creating Synchronization Agreements) we've got --passsync secretpwd, but nowhere's said if user has to be created on MS AD side, or if any package has to be installed. It is implied that this is the password of the administrative user that you already have on the AD side. Nope, the password provided with that switch is used to create a special sysaccount user named 'passsync' in IPA. the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix This user is used by the Windows Passsync plugin installed on AD domain controllers. So this password is what you need to use when configuring the Passync plugin together with the above dn template. Simo. Then we should update our docs. Yes we should clarify our manpage by making it say: Password for the IPA system user used by the Windows Passync plugin to synchronize passwords Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Passsync details missing
Dmitri Pal wrote: On 10/23/2012 12:47 PM, Simo Sorce wrote: On Tue, 2012-10-23 at 12:16 -0400, Dmitri Pal wrote: On 10/23/2012 07:50 AM, George Machitidze wrote: Hi I'm testing MS AD integration, following document contents http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/managing-sync-agmt.html For 8.4.2. (Creating Synchronization Agreements) we've got --passsync secretpwd, but nowhere's said if user has to be created on MS AD side, or if any package has to be installed. It is implied that this is the password of the administrative user that you already have on the AD side. Nope, the password provided with that switch is used to create a special sysaccount user named 'passsync' in IPA. the DN of the user is: uid=passsync,cn=sysaccount,cn=etc,$suffix This user is used by the Windows Passsync plugin installed on AD domain controllers. So this password is what you need to use when configuring the Passync plugin together with the above dn template. Simo. Then we should update our docs. https://fedorahosted.org/freeipa/ticket/3208 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users