Rich, while installing IPA it creates its own CA cert, right? (cacert.p12), and also I have done the step of exporting this CA file as dsca.crt. Please let me know the steps to generate the IPA CA and server cert?

On Mon, Aug 16, 2010 at 5:41 PM, Rich Megginson <[email protected]> wrote:

> Shan Kumaraswamy wrote:
>
>> Hi,
>>
>> I have deployed FreeIPA 1.2.1 in RHEL 5.5 and I want to sync with Active Directory (Windows 2008 R2). Can anyone please share a step-by-step configuration doc with me? Previously I have done the same exercise, but now that is not working for me and I am facing a lot of challenges to make this happen.
>>
>> Please find the steps I have done so far:
>>
>> 1. Installed RHDS 8.1 and FreeIPA 1.2.1 and configured properly and tested it's working fine
>>
>> 2. In AD side, installed Active Directory certificate Server as an Enterprise Root
>>
>> 3. Copied the “cacert.p12” file and imported it under Certificates – Service (Active Directory Domain service) on Local Computer using MMC.
>>
>> 4. Installed PasSync.msi file and gave all the required information
>>
>> 5. Ran the command “certutil -d . -L -n "CA certificate" -a > dsca.crt” from IPA server and copied the .crt file to the AD server and ran this command from “cd "C:\Program Files\Red Hat Directory Password Synchronization"”
>>
>> 6. certutil.exe -d . -N
>>
>> 7. certutil.exe -d . -A -n "DS CA cert" -t CT,, -a -i \path\to\dsca.crt
>>
>> 8. certutil.exe -d . -L -n "DS CA cert" and rebooted the AD server.
>>
>> After these steps, when I try to create the sync agreement from the IPA server I am getting this error:
>>
>> ldap_simple_bind: Can't contact LDAP server
>>
>> SSL error -8179 (Peer's Certificate issuer is not recognized.)
>>
>> Please share the steps to configure AD Sync with IPA server.
>
> http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Windows_Sync-Configuring_Windows_Sync.html
>
> But it looks as though there is a step missing. If you use MS AD CA to generate the AD cert, and use IPA to generate the IPA CA and server cert, then you have to import the MS AD CA cert into IPA.
>
>> --
>> Thanks & Regards
>> Shan Kumaraswamy

--
Thanks & Regards
Shan Kumaraswamy

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
