[Freeipa-users] Insufficient access during winsync agreement

Simo Sorce simo at redhat.com
Tue Jun 21 12:00:30 UTC 2011


On Tue, 2011-06-21 at 10:01 +0100, Attila Bogár wrote:
> On 20/06/11 16:37, Attila Bogár wrote: 
> > I'm trying to set up the AD-FreeIPA sync agreement and I'm always
> > getting this error:
> > # ipa-replica-manage connect --winsync --binddn cn="IPA
> > Sync",cn=Users,dc=win,dc=example,dc=com --bindpw JamesBond007
> > --cacert /root/dc1.cer --passsync JamesBond007 dc1.win.example.com
> > -v
> 
> This is solved now. Directory Manager password was missing from the
> command line. (-p).
> admin user's privileges via kerberos are insufficient to set up a
> replica agreement as I see.
> 
> Could you please add this to the documentation example in the docs, I
> think upcoming users would appreciate this.
> 
> http://obriend.fedorapeople.org/freeIPA2.0/Identity_and_Policy_Management_Guide/html-single/#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Setting_up_Windows_Sync_on_the_IPA_Server
> 

If the command didn't give you an error it is a bug, can you please open
a ticket ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-users mailing list