Re: [Freeipa-users] consulting?

2012-01-25 Thread Jimmy
Found the reason for the ldap search not working- when I created the AD certificate role, I accidentally entered a new sub-domain so instead of the FQDN in the cert being csp-ad.pdh.csp it came out csp-ad.cspad.pdh.csp. I updated DNS and now the ldap search seems to work- ldif output--

Re: [Freeipa-users] consulting?

2012-01-25 Thread Rich Megginson
On 01/25/2012 12:07 PM, Jimmy wrote: Found the reason for the ldap search not working- when I created the AD certificate role, I accidentally entered a new sub-domain so instead of the FQDN in the cert being csp-ad.pdh.csp it came out csp-ad.cspad.pdh.csp. I updated DNS and now the ldap

Re: [Freeipa-users] consulting?

2012-01-23 Thread Jimmy
Here's what I found in the DS admin guide. Is this all that's needed to create the sync agreement? Thanks. add sync agreement: ldapmodify -x -D cn=Directory Manager -W Enter LDAP Password: *** dn: cn=ExampleSyncAgreement,cn=sync replica,cn=dc=example\,dc=com,cn=mapping tree,cn=config

Re: [Freeipa-users] consulting?

2012-01-23 Thread Rich Megginson
On 01/23/2012 10:19 AM, Jimmy wrote: Here's what I found in the DS admin guide. Is this all that's needed to create the sync agreement? Not with ipa - you should use the ipa-replica-manage command instead Thanks. add sync agreement: ldapmodify -x -D cn=Directory Manager -W Enter LDAP

Re: [Freeipa-users] consulting?

2012-01-23 Thread Jimmy
That's what I was thinking, and what I did, but it still doesn't replicate new users. This is the command I used: ipa-replica-manage connect --passsync --binddn cn=winsync,cn=Users,dc=cspad,dc=pdh,dc=csp --bindpw= --cacert /home/winsync/AD-server-cert.cer 192.168.201.150 -v On Mon, Jan

Re: [Freeipa-users] consulting?

2012-01-23 Thread Jimmy
I did create the winsync user and it is an admin. I will fix the ip address (change to hostname), I only did it that way because this is currently a test system so I can figure out how to get it all working. On Mon, Jan 23, 2012 at 1:06 PM, Rich Megginson rmegg...@redhat.com wrote: On

Re: [Freeipa-users] consulting?

2012-01-20 Thread Jimmy
You are correct. I had installed as an Enterprise root, but the doc I was reading(original link) seemed to say that I had to do the certreq manually, my bad. I think I'm getting closer I can establish an openssl connection from DS to AD but I get these errors: openssl s_client -connect

Re: [Freeipa-users] consulting?

2012-01-20 Thread Jimmy
Getting close here... Now I see this message in the sync log file: attempting to sync password for testuser searching for (ntuserdomainid=testuser) ldap error in queryusername 32: no such object deferring password change for testuser On Fri, Jan 20, 2012 at 12:23 PM, Rich Megginson

Re: [Freeipa-users] consulting?

2012-01-20 Thread Rich Megginson
On 01/20/2012 12:46 PM, Jimmy wrote: Getting close here... Now I see this message in the sync log file: attempting to sync password for testuser searching for (ntuserdomainid=testuser) ldap error in queryusername 32: no such object deferring password change for testuser This usually means the

Re: [Freeipa-users] consulting?

2012-01-20 Thread Jimmy
That was it! I have passwords syncing, *BUT* (at the risk of sounding stupid)-- is it not possible to also sync (add) the users from AD to DS? I created a new user in AD and it doesn't propagate to DS, just says: attempting to sync password for testuser3 searching for (ntuserdomainid=testuser3)

Re: [Freeipa-users] consulting?

2012-01-20 Thread Rich Megginson
On 01/20/2012 01:08 PM, Jimmy wrote: That was it! I have passwords syncing, *BUT* (at the risk of sounding stupid)-- is it not possible to also sync (add) the users from AD to DS? Yes, it is. Just configure IPA Windows Sync I created a new user in AD and it doesn't propagate to DS, just says:

Re: [Freeipa-users] consulting?

2012-01-19 Thread Jimmy
ok. I started from scratch this week on this and I think I've got the right doc and understand better where this is going. My problem now is that when configuring SSL on the AD server (step c in this url:

Re: [Freeipa-users] consulting?

2012-01-19 Thread Rich Megginson
On 01/19/2012 02:59 PM, Jimmy wrote: ok. I started from scratch this week on this and I think I've got the right doc and understand better where this is going. My problem now is that when configuring SSL on the AD server (step c in this url:

Re: [Freeipa-users] consulting?

2012-01-13 Thread Jimmy
Just popping up to let y'all know I haven't dropped this, just got tied up working on OpenCA and PacketFence. I'll answer Rich's question by Monday and hopefully get this thing going. On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson rmegg...@redhat.com wrote: On 01/11/2012 11:22 AM, Jimmy

Re: [Freeipa-users] consulting?

2012-01-11 Thread Jimmy
We need to be able to replicate user/pass between Windows 2008 AD and FreeIPA. I have followed many different documents and posted here about it and from what I've read and procedures I've followed we are unable to accomplish this. It doesn't need to be a full trust. Thanks On Tue, Jan 10, 2012

Re: [Freeipa-users] consulting?

2012-01-11 Thread Rich Megginson
On 01/11/2012 11:22 AM, Jimmy wrote: We need to be able to replicate user/pass between Windows 2008 AD and FreeIPA. That's what IPA Windows Sync is supposed to do. I have followed many different documents and posted here about it and from what I've read and procedures I've followed we are