[Fedora-directory-users] Windows sync certificate and PassSync

nattapon viroonsri nattaponv at hotmail.com
Wed Jun 7 10:54:56 UTC 2006


RHEL 4.0
redhat-ds-7.1SP1-3

Windows 2003
Passync-1.msi from directory.fedora.com

/opt/redhat-ds/alias
certutil -N -d .
certutil -G -d .
certutil -S -n "my ca" -s "cn=ice" -x -t "CT,CT,CT" -m 1000 -v 120 -d .
certutil -S -n "ice cert" -s "cn=ice.icesolution.com" -c "my ca" -t "u,u,u" -m 1001 -v 120 -d .
ln -s cert8.db slap-ice-cert8.db
ln -s key3.db slap-ice-key3.db

pk12util -d . -o ca.pfx -n  "my ca"
pk12util -d . -o ice.pfx  -n  "ice cert"

import on Win2003
certutil.exe -d . -N
pk12util -d . -i ca.pfx
pk12util -d . -i ice.pfx

restart "password" sync service

test with /opt/redhat-ds/share/bin/ldapsearch
DS# ldapsearch -v -Z -D "cn=administrator,cn=users,dc=win2003,dc=icesolution,dc=com" -w 123456 -P /etc/redhat-ds/alias -h <ip_of_ADS> -p 636 -b "cn=users,dc=win2003,dc=icesolution,dc=com" objectClass=*

returns: -8156 issuer certificate is invalid

DS# openssl s_client -connect -showcerts
It returns a different CA certificate, one that was not imported from my self-signed certificate.
It looks like the default certificate for Windows 2003.

Does PassSync not bind the NSS certificate to the ADS port 636? I tried rebooting Windows 2003 but still got the same result.
And from the Directory Console I tried to configure a sync agreement, but it returns "cannot contact ADS".


Regards,
Nattapon
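
The check behind the two tests in the post (ldapsearch -Z and openssl s_client -showcerts), as an added example that is not part of the original message: it builds a throwaway CA and certificates with openssl and reports whether each certificate chains to that CA. The function names, file names and the subject CN=constructed-default-cert are constructed for the illustration; CN=ice and CN=ice.icesolution.com mirror the subjects used in the post.

```shell
#!/bin/sh
# Added example: does a presented certificate chain to the CA you created?
# Everything here is a constructed stand-in; no network access is needed.

# Print the issuer DN of a PEM certificate.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

# Succeed only if certificate $2 chains to the CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway PKI in directory $1:
#   ca.pem     self-signed CA, subject CN=ice (the "my ca" role)
#   leaf.pem   server cert CN=ice.icesolution.com, issued by ca.pem
#   other.pem  unrelated self-signed cert, standing in for a certificate
#              that a listener presents but that your CA never issued
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ice" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ice.icesolution.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1001 -days 1 -out "$d/leaf.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-default-cert" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# For each certificate, print its issuer and whether the CA vouches for it.
report() {
    ca=$1; shift
    for cert in "$@"; do
        if chains_to_ca "$ca" "$cert"; then verdict="chains to CA"
        else verdict="NOT issued by CA"; fi
        printf '%s: %s (%s)\n' "$(basename "$cert")" "$verdict" "$(issuer_of "$cert")"
    done
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR" &&
    report "$DEMO_DIR/ca.pem" "$DEMO_DIR/leaf.pem" "$DEMO_DIR/other.pem"
```

Against a live server, save the certificate printed by openssl s_client -showcerts to a file and pass it to chains_to_ca together with the exported CA certificate.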
