Glenn wrote:
> Paolo - Maybe your certificates are not set up correctly. You should have the
> same CA certificate in the database in both FDS and AD. Also, the server
> certs in each database should be issued by the same certificate authority.
>
> It is convenient to use the Certificate Authority included with recent
> Microsoft Windows servers to create a CA certificate to import into both
> databases. You can then create server certificates using the MSCA and import
> them into their respective databases.
>
> You may also need to import the server certificate from FDS into the database
> on AD and vice-versa.

You should not need to do this. All that should be required is that each cert db has the cert for that server plus the trusted CA cert.

> Once this is done, you should review and possibly
> modify the trust attributes on all the certs. As you can see from my
> examples, I used a scatter-gun approach.
>
> You will need to use certutil for all import and modify operations on the
> certificate databases. "certutil -H" gives a nice reference.
>
> Examples:
>
> sibelius=FD
> boccherini=AD
> TWCA=CA
>
> [root at sibelius alias]# ./certutil -L -d . -P slapd-sibelius-
> TWCA                CT,c,c
> boccherini          P,P,P
> server-cert         CTu,cu,cu
>
> C:\Program Files\RHD Password Sync>certutil -L -d .
> TWCA                CT,C,C
> server-cert         Pu,Pu,Pu
> boccherini          P,P,P
>
> Remember to restart FDS and PassSync after making changes. -G.
>
> ---------- Original Message -----------
> From: Paolo Barbato <paolo.barbato at igi.cnr.it>
> To: fedora-directory-users at redhat.com
> Sent: Thu, 27 Sep 2007 10:06:40 +0200
> Subject: fds vs passsync vs AD
>
>> Hi all!
>>
>> I've successfully installed fds and passsync msi on windows AD. I
>> admit that some problems have arisen since documentation is a bit poor
>> on SSL part, especially on AD, but then finally I was able to make
>> things work.
>>
>> I'm facing an odd problem that I'm not able to understand, but
>> probably already discussed on the list.
>>
>> I'm able to take in sync password in AD and FDS when I change
>> password from AD, but not vice versa. Really from Windows event log
>> things seem to go right: it tells me that password has been successfully
>> updated (passwd is issued from linux). But that stored password is
>> somewhat different. Could be an encryption problem? Any hints?
>>
>> Regards,
>> Paolo.
>> --
>> ----------------------------------------------------------------------------
>> Paolo Barbato              email: mailto:paolo.barbato at igi.cnr.it
>> Network Administrator      phone: (39-049)-829-5097
>>                                   (39-049)-829-5000
>> Corso Stati Uniti,4        www: http://www.igi.cnr.it
>> 35127 Camin-Padova         PGP: http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
>> ITALY                      JabberID: rfx_paolo_barbato at messenger.efda.org
>> ----------------------------------------------------------------------------
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> ------- End of Original Message -------
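
Added example, not part of the original thread: a small Python check that reads `certutil -L` output and tests one database against the rule stated in the reply (its own server cert plus the trusted CA cert, nothing else trusted). The function names `parse_listing` and `audit` are hypothetical; the nicknames `TWCA` and `server-cert` and the first listing come from the thread, and the second listing is constructed.

```python
import re

# Trust column printed by `certutil -L`: SSL, S/MIME, object-signing fields.
TRUST_RE = re.compile(r"[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*")

# Listing quoted in the thread for the FDS host (sibelius).
FDS_DB = """\
TWCA         CT,c,c
boccherini   P,P,P
server-cert  CTu,cu,cu
"""
# Constructed listing that follows the "own cert plus trusted CA" rule.
CLEAN_DB = """\
TWCA         CT,,
server-cert  u,u,u
"""

def parse_listing(text):
    """Map nickname -> SSL trust flags; header lines do not match and are skipped."""
    certs = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 1)
        if len(parts) == 2 and TRUST_RE.fullmatch(parts[1]):
            certs[parts[0].strip()] = parts[1].split(",")[0]
    return certs

def audit(text, ca_nick, server_nick="server-cert"):
    """Return findings for one database; an empty list means the rule is met."""
    certs = parse_listing(text)
    findings = []
    if "C" not in certs.get(ca_nick, ""):
        findings.append(f"{ca_nick}: CA cert missing or not trusted for SSL (C)")
    server = certs.get(server_nick)
    if server is None:
        findings.append(f"{server_nick}: server cert missing")
    else:
        if "u" not in server:
            findings.append(f"{server_nick}: no private key in this db (no u)")
        extra = "".join(sorted(set(server) - {"u"}))
        if extra:
            findings.append(f"{server_nick}: leaf cert carries trust flags {extra}")
    for nick, flags in certs.items():
        if nick not in (ca_nick, server_nick) and "P" in flags:
            findings.append(f"{nick}: trusted directly as a peer (P)")
    return findings

if __name__ == "__main__":
    for name, db in (("FDS", FDS_DB), ("clean", CLEAN_DB)):
        print(name, audit(db, "TWCA") or "ok")
```

Trust attributes flagged here are changed with certutil's `-M` and `-t` options; `certutil -H`, as mentioned in the thread, lists them.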