[Freeipa-users] Problems replicating with Windows 2008 AD

Rich Megginson rmeggins at redhat.com
Wed May 16 23:11:32 UTC 2012


On 05/16/2012 04:33 PM, Kline, Sara wrote:
>
> Hey all,
>
> FreeIPA has been very simple to setup so far, I have been able to 
> follow along with the documentation every step of the way. I am 
> running into an issue however when trying to set up replication 
> between the Red Hat 6.2 server running FreeIPA and the Win 2008 R2 
> server running Active Directory. I created the replication user like 
> the instructions say and gave it the necessary permissions, however 
> when I try to set up the agreement, it tells me I am using invalid 
> credentials. I am unsure of what I should do at this point. SSL certs 
> are installed on both and trusted on both, the servers are connected 
> and both are synced to the same time source. Can anyone think of 
> anything else?
>
> I am using the command as follows:
>
> ipa-replica-manage connect --winsync \
>     --binddn cn=freeipa,cn=users,dc=prod,dc=example,dc=com \
>     --bindpw mypassword \
>     --passsync mypassword \
>     --cacert /etc/openldap/cacerts/winadcert.cer \
>     oly-infra-ldap2.prod.example.com
>

You can use ldapsearch to test the connection with AD:

LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-YOUR-DOMAIN ldapsearch -xLLL \
    -H ldap://oly-infra-ldap2.prod.example.com -ZZ \
    -D "cn=freeipa,cn=users,dc=prod,dc=example,dc=com" -w mypassword \
    -s base -b "" 'objectclass=*' namingcontexts

This assumes
1) oly-infra-ldap2.prod.example.com is the correct FQDN of your AD machine
2) cn=freeipa,cn=users,dc=prod,dc=example,dc=com is a valid AD user in AD
3) mypassword is the correct password and doesn't need to be quoted for 
the shell
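When the ldapsearch bind above fails, AD does not just say "Invalid credentials (49)": it appends a diagnostic of the form "AcceptSecurityContext error, data NNN", and the hex "data" sub-code is what distinguishes a wrong password from a non-existent DN, a disabled or locked account, or a password that must be reset. The script below is an added example (not from the original reply or from FreeIPA) that decodes that sub-code and also checks assumption 3, whether the password would need shell quoting; the sample error text it parses is constructed to match AD's message format, and the DSID value in it is a placeholder.

```python
import re
import shlex

# Sub-codes Active Directory places in the "data NNN" field of the LDAP bind
# diagnostic message (the hex values are the ones AD emits, not decimal).
AD_BIND_DATA_CODES = {
    "525": "user not found (the bind DN does not exist in AD)",
    "52e": "invalid credentials (user exists, password is wrong)",
    "530": "user not permitted to log on at this time (logon hours)",
    "531": "user not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password at next logon",
    "775": "account locked out",
}

# The DSID and the trailing "vNNNN" vary between AD builds; only the
# "data <hex>" field is stable enough to key on.
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_ad_bind_error(diag):
    """Return (sub_code, explanation) for an AD bind diagnostic, or None if
    the text carries no AcceptSecurityContext data code."""
    m = DATA_RE.search(diag)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_DATA_CODES.get(code, "unknown sub-code")


def needs_shell_quoting(password):
    """True if passing the password bare on a command line (as with
    --bindpw or ldapsearch -w) would be mangled by the shell."""
    return shlex.quote(password) != password


# Constructed sample of ldapsearch stderr for a failed AD simple bind; the
# DSID is a placeholder, the layout follows what AD returns.
SAMPLE_WRONG_PASSWORD = (
    "ldap_bind: Invalid credentials (49)\n"
    "\tadditional info: 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 52e, v1db1"
)
SAMPLE_NO_SUCH_USER = (
    "ldap_bind: Invalid credentials (49)\n"
    "\tadditional info: 80090308: LdapErr: DSID-0C0903A9, comment: "
    "AcceptSecurityContext error, data 525, v1db1"
)


if __name__ == "__main__":
    for sample in (SAMPLE_WRONG_PASSWORD, SAMPLE_NO_SUCH_USER):
        code, meaning = explain_ad_bind_error(sample)
        print("data %s: %s" % (code, meaning))
    for pw in ("mypassword", "my pass$word"):
        print("%r needs quoting: %s" % (pw, needs_shell_quoting(pw)))
```

Pipe the stderr of the ldapsearch run into explain_ad_bind_error (for instance via subprocess) and act on the sub-code: 525 means the --binddn is wrong (in AD the RDN is the user's display name, not the sAMAccountName), 52e means the password, and 773 or 775 mean the account itself needs attention on the Windows side before any agreement will bind.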

> Sara Kline
>
> System Administrator
>
> Transaction Network Services, Inc
>
> 4501 Intelco Loop, Lacey WA 98503
>
> Wk: (360) 493-6736
>
> Cell: (360) 280-2495
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
