[Fedora-directory-users] fds vs passsync vs AD
Richard Megginson
rmeggins at redhat.com
Thu Sep 27 19:49:20 UTC 2007
Glenn wrote:
> Paolo - Maybe your certificates are not set up correctly. You should have the
> same CA certificate in the database in both FDS and AD. Also, the server
> certs in each database should be issued by the same certificate authority.
>
> It is convenient to use the Certificate Authority included with recent
> Microsoft Windows servers to create a CA certificate to import into both
> databases. You can then create server certificates using the MSCA and import
> them into their respective databases.
>
> You may also need to import the server certificate from FDS into the database
> on AD and vice-versa.

You should not need to do this. All that should be required is that
each cert db has the cert for that server plus the trusted CA cert.

> Once this is done, you should review and possibly
> modify the trust attributes on all the certs. As you can see from my
> examples, I used a scatter-gun approach.
>
> You will need to use certutil for all import and modify operations on the
> certificate databases. "certutil -H" gives a nice reference.
>
> Examples:
>
> sibelius=FD
> boccherini=AD
> TWCA=CA
>
> [root at sibelius alias]# ./certutil -L -d . -P slapd-sibelius-
> TWCA CT,c,c
> boccherini P,P,P
> server-cert CTu,cu,cu
>
> C:\Program Files\RHD Password Sync>certutil -L -d .
> TWCA CT,C,C
> server-cert Pu,Pu,Pu
> boccherini P,P,P
>
> Remember to restart FDS and PassSync after making changes. -G.
>
>
> ---------- Original Message -----------
> From: Paolo Barbato <paolo.barbato at igi.cnr.it>
> To: fedora-directory-users at redhat.com
> Sent: Thu, 27 Sep 2007 10:06:40 +0200
> Subject: [Fedora-directory-users] fds vs passsync vs AD
>
>
>> Hi all!
>>
>> I've successfully installed fds and passsync msi on windows AD. I
>> admit that some problems have arisen since documentation is a bit poor
>> on SSL part, especially on AD, but then finally I was able to make
>> things work.
>>
>> I'm facing an odd problem that I'm not able to understand, but
>> probably already discussed on the list.
>>
>> I'm able to take in sync password in AD and FDS when I change
>> password from AD, but not vice versa. Really from Windows event log
>> things seem to go right: it tells me that password has been successfully
>> updated (passwd is issued from linux). But that stored password is
>> somewhat different. Could it be an encryption problem? Any hints?
>>
>> Regards,
>> Paolo.
>> --
>> ----------------------------------------------------------------------------
>> Paolo Barbato email: mailto:paolo.barbato at igi.cnr.it
>> Network Administrator phone: (39-049)-829-5097
>> (39-049)-829-5000
>> Corso Stati Uniti,4 www: http://www.igi.cnr.it
>> 35127 Camin-Padova PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
>> ITALY JabberID: rfx_paolo_barbato at messenger.efda.org
>> ----------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
> ------- End of Original Message -------
>
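
An added example, not part of the original messages: a Python check over `certutil -L` output that encodes the requirement stated in the reply (each cert db holds that server's cert plus the trusted CA cert) and reports trust flags beyond it. The function names and the MINIMAL listing are constructed here; the flag meanings used (C = trusted CA for SSL server certs, T = trusted CA for client certs, P = trusted peer, u = private key present) are those of NSS.

```python
import re

# One listing row: nickname, then SSL,S/MIME,object-signing trust fields.
ROW = re.compile(r"^(.+?)\s+([A-Za-z]*),([A-Za-z]*),([A-Za-z]*)$")

def parse_listing(text):
    """Map nickname -> SSL trust flags from `certutil -L` output."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())  # header lines do not match and are skipped
        if m:
            certs[m.group(1)] = m.group(2)
    return certs

def audit(certs, ca_nick, server_nick):
    """Return (nickname, problem) pairs; an empty list means minimal trust."""
    findings = []
    ca = certs.get(ca_nick)
    if ca is None:
        findings.append((ca_nick, "CA cert missing"))
    elif "C" not in ca:
        findings.append((ca_nick, "CA not trusted for SSL server certs (no C)"))
    srv = certs.get(server_nick)
    if srv is None:
        findings.append((server_nick, "server cert missing"))
    else:
        if "u" not in srv:
            findings.append((server_nick, "no private key in this db (no u)"))
        extra = sorted(set(srv) - {"u"})
        if extra:
            findings.append((server_nick, "unneeded trust flags: " + "".join(extra)))
    for nick, ssl in certs.items():
        if nick not in (ca_nick, server_nick) and set(ssl) & set("PCT"):
            findings.append((nick, "extra cert explicitly trusted: " + ssl))
    return findings

# The two listings from the message above, re-typed as sample input.
FDS = """TWCA CT,c,c
boccherini P,P,P
server-cert CTu,cu,cu"""
PASSSYNC = """TWCA CT,C,C
server-cert Pu,Pu,Pu
boccherini P,P,P"""
# Constructed listing: only the server cert plus the trusted CA cert.
MINIMAL = """TWCA CT,,
server-cert u,u,u"""

if __name__ == "__main__":
    for name, text in (("FDS", FDS), ("PassSync", PASSSYNC), ("minimal", MINIMAL)):
        print(name, audit(parse_listing(text), "TWCA", "server-cert"))
```

Both quoted listings pass the CA and private-key checks; what the audit reports are the "scatter-gun" extras, which matter because a directly trusted peer cert is accepted without chaining to the CA.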