[Freeipa-devel] [PATCH] 894 add winsync info to ipa-replica-manage man page
Alexander Bokovoy
abokovoy at redhat.com
Fri Oct 14 03:43:43 UTC 2011
On Thu, 13 Oct 2011, Rob Crittenden wrote:
> Added more detailed information on creating a winsync replica to the
> ipa-replica-manage man page.
> +Creating a Windows AD Synchronization agreement is similar to creating an IPA replication agreement, there are just a couple of extra steps:
> +.TP
> +1. Transfer the base64\-encoded Windows AD CA Certficate to your IPA Server
> +.TP
> +2. Remove any existing kerberos credentials
> + # kdestroy
> +.TP
> +3) Add the winsync replication agreement
> + # ipa\-replica\-manage connect \-\-winsync
> \-\-passsync=<bindpwd_for_syncuser_that will_be_used_for_agreement>
> \-\-cacert=/path/to/adscacert/WIN\-CA.cer \-\-binddn
> "cn=administrator,cn=users,dc=ipa,dc=qe" \-\-bindpw
> <ads_administrator_password> \-v <adserver.fqdn>
Could you please make DN similar to what is below? There will be
confusion:
> +.TP
> +You will be prompted to supply the Directory Manager's password.
> +.TP
> +Create a winsync replication agreement:
> +
> + # ipa\-replica\-manage connect \-\-winsync \-\-passsync=MySecret
> +\-\-cacert=/root/WIN\-CA.cer \-\-binddn "cn=administrator,cn=users,dc=ad,dc=example,dc=com"
> +\-\-bindpw MySecret \-v windows.ad.example.com
> +
> +.TP
> +Remove a winsync replication agreement:
> + # ipa\-replica\-manage disconnect windows.ad.example.com
> .SH "EXIT STATUS"
> 0 if the command was successful
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list