[Freeipa-users] consulting?

Jimmy g17jimmy at gmail.com
Wed Jan 25 19:07:10 UTC 2012


Found the reason for the ldap search not working- when I created the AD
certificate role, I accidentally entered a new sub-domain so instead of
the FQDN in the cert being csp-ad.pdh.csp it came out csp-ad.cspad.pdh.csp.
I updated DNS and now the ldap search seems to work-

ldif output-- http://fpaste.org/xbOC/
debug-  http://fpaste.org/6g8q/

I guess I need to redo the sync agreement to fix the server DNS name.

I will be traveling for work for the next couple days but should still be
working on this issue some. I'll take VMs of the servers on my laptop to
be able to keep working.
-Jimmy

On Thu, Jan 19, 2012 at 5:04 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> On 01/19/2012 02:59 PM, Jimmy wrote:
>
> ok. I started from scratch this week on this and I think I've got the
> right doc and understand better where this is going. My problem now is that
> when configuring SSL on the AD server (step c in this url:
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Install_and_Configure_the_Password_Sync_Service )
>
> I get this error:
>
>  certreq -submit request.req certnew.cer
> Active Directory Enrollment Policy
>   {25DDA1E7-3A99-4893-BA32-9955AC9EAC42}
>   ldap:
> RequestId: 3
> RequestId: "3"
> Certificate not issued (Denied) Denied by Policy Module  0x80094801, The
> request does not contain a certificate template extension or the
> CertificateTemplate request attribute.
>  The request contains no certificate template information. 0x80094801
> (-2146875391)
> Certificate Request Processor: The request contains no certificate
> template information. 0x80094801 (-2146875391)
>  Denied by Policy Module  0x80094801, The request does not contain a
> certificate template extension or the CertificateTemplate request attribute.
>
>  The RH doc says to use the browser if an error occurs and IIS is running
> but I'm not running IIS. I researched that error but didn't find anything
> that helps with FreeIPA and passsync.
>
> Hmm - try installing Microsoft Certificate Authority in Enterprise Root CA
> mode - it will usually automatically create and install the AD server
> cert.  http://directory.fedoraproject.org/wiki/Howto:WindowsSync
>
>
>  Jimmy
>
> On Wed, Jan 11, 2012 at 3:32 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>>  On 01/11/2012 11:22 AM, Jimmy wrote:
>>
>> We need to be able to replicate user/pass between Windows 2008 AD and
>> FreeIPA.
>>
>>
>>  That's what IPA Windows Sync is supposed to do.
>>
>>
>> I have followed many different documents and posted here about it and
>> from what I've read and procedures I've followed we are unable to
>> accomplish this.
>>
>>
>>  What have you tried, and what problems have you run into?
>>
>>  It doesn't need to be a full trust.
>>
>>  Thanks
>>
>> On Tue, Jan 10, 2012 at 3:03 AM, Jan Zelený <jzeleny at redhat.com> wrote:
>>
>>> > Just wondering if there was anyone listening on the list that might be
>>> > available for little work integrating FreeIPA with Active Directory
>>> > (preferably in the south east US.) I hope this isn't against the list
>>> > rules, I just thought one of you guys could help or point me in the right
>>> > direction.
>>>
>>> If you want some help, it is certainly not against list rules ;-) But in that
>>> case, it would be much better if you asked what exactly do you need.
>>>
>>> I'm not an AD expert, but a couple tips: If you are looking for cross-domain
>>> (cross-realm) trust, then you might be a bit disappointed, it is still in
>>> development, so it probably won't be 100% functional at this moment.
>>>
>>> If you are looking for something else, could you be a little more specific what
>>> it is?
>>>
>>> I also recommend starting with reading some doc:
>>> http://freeipa.org/page/DocumentationPortal
>>>
>>> Thanks
>>> Jan
>>>
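The name mismatch reported at the top of this thread (certificate issued for csp-ad.cspad.pdh.csp while the host was meant to be csp-ad.pdh.csp) can be checked offline with openssl before a sync agreement is set up. This is an added example, not part of the original thread; the certificate is a throwaway self-signed one generated locally, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example. The two host names are the ones from the message; the
# certificate is constructed test data, generated locally and self-signed.

# make_cert <fqdn> <out.pem>: self-signed cert with subject CN=<fqdn>.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
}

# cert_matches_host <cert.pem> <fqdn>: succeeds only if the certificate is
# valid for <fqdn> (openssl checks SAN dNSName entries, or the subject CN
# when the certificate carries none).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# report <cert.pem> <fqdn>: one line saying whether a TLS name check would
# pass for the name a client uses to reach the server.
report() {
    if cert_matches_host "$1" "$2"; then
        echo "OK       $2"
    else
        echo "MISMATCH $2 (cert: $(openssl x509 -in "$1" -noout -subject))"
    fi
}

tmp=$(mktemp -d)
make_cert csp-ad.cspad.pdh.csp "$tmp/ad.pem"   # name that ended up in the cert
report "$tmp/ad.pem" csp-ad.pdh.csp            # intended FQDN
report "$tmp/ad.pem" csp-ad.cspad.pdh.csp      # FQDN actually certified
rm -rf "$tmp"
```

For a real deployment, export the AD server certificate to a PEM file and pass it to `report` together with the host name used in the sync agreement.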