Richard Megginson wrote: > Glenn wrote: >> Paolo - Maybe your certificates are not set up correctly. You should >> have the >> same CA certificate in the database in both FDS and AD. Also, the >> server certs in each database should be issued by the same >> certificate authority. >> >> It is convenient to use the Certificate Authority included with >> recent Microsoft Windows servers to create a CA certificate to import >> into both databases. You can then create server certificates using >> the MSCA and import them into their respective databases. >> >> You may also need to import the server certificate from FDS into the >> database on AD and vice-versa. > You should not need to do this. All that should be required is that > each cert db has the cert for that server plus the trusted CA cert. >> Once this is done, you should review and possibly modify the trust >> attributes on all the certs. As you can see from my examples, I used >> a scatter-gun approach. >> You will need to use certutil for all import and modify operations on >> the certificate databases. "certutil -H" gives a nice reference. >> [snip] Just need confirmation. In order for the passsync to work, does FDS first need to have the corresponding users from Windows ADS manually created ? Doesn't Passsync do this automatically? TIA -- Peter Santiago peters at psinergybbs.com My website: www.psinergybbs.com My spamtrap address: r34987y at psinergybbs.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070928/f977bc53/attachment.bin
