Thanks for your response. My environment is: OS: Centos 6.7 - kernel 2.6.32-537.3.1 NSS package: nss-3.19.1-3 IPA version: 3.0.0-47 389-ds-base version: 1.2.11.15-60
On Tue, Feb 16, 2016 at 12:06 PM, Alexander Bokovoy <[email protected]> wrote: > On Tue, 16 Feb 2016, Mitra Dehghan wrote: > >> Hello, >> I want to Sync IPA and Active directory servers: >> 1- I'm using an external root CA server which uses key size of 4096 >> 2- Both IPA and Active directory, use the same CA server as external root >> CA. >> 3- Using default configuration,the handshake process for establishing SSL >> connection between servers(IPA and active directory) is failed during >> certificate-base authentication. As a result password Sync. fails after >> user synchronization is done. >> >> I guess the problem is key size and I was wondering if any special changes >> are required in the CA instance configured by IPA or if the job is >> possible >> at all. >> >> Note: Things goes well when I use internal CA servers both for active >> directory and IPA server. >> > Can you give a bit more details about your environment? We fixed a bug > in NSS some time ago related to this issue. > https://rhn.redhat.com/errata/RHBA-2015-2121.html > > What is your distribution? nss package version? IPA version? 389-ds-base > version? > > -- > / Alexander Bokovoy > -- m-dehghan
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
