fds vs passsync vs AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Peter Santiago wrote:
> Richard Megginson wrote:
>> Glenn wrote:
>>> Paolo - Maybe your certificates are not set up correctly.  You 
>>> should have the
>>> same CA certificate in the database in both FDS and AD.  Also, the 
>>> server certs in each database should be issued by the same 
>>> certificate authority.
>>>
>>> It is convenient to use the Certificate Authority included with 
>>> recent Microsoft Windows servers to create a CA certificate to 
>>> import into both databases.  You can then create server certificates 
>>> using the MSCA and import them into their respective databases.
>>>
>>> You may also need to import the server certificate from FDS into the 
>>> database on AD and vice-versa.
>> You should not need to do this.  All that should be required is that 
>> each cert db has the cert for that server plus the trusted CA cert.
>>> Once this is done, you should review and possibly modify the trust 
>>> attributes on all the certs.  As you can see from my examples, I 
>>> used a scatter-gun approach.
>>> You will need to use certutil for all import and modify operations 
>>> on the certificate databases.  "certutil -H" gives a nice reference.
>>>
> [snip]
>
> Just need confirmation.  In order for the passsync to work, does FDS 
> first need to have the corresponding users from Windows ADS manually 
> created ?  Doesn't Passsync do this automatically?  TIA
Not passsync (the AD "plug-in" that only sync passwords one way from AD 
to FDS) but winsync (the component that runs in FDS that pushes user, 
group, and password changes to AD, and pulls user and group changes from 
AD to FDS).
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070928/cc24eb24/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux