Glenn wrote:
You should not need to do this. All that should be required is that each cert db has the cert for that server plus the trusted CA cert.

Paolo - Maybe your certificates are not set up correctly. You should have the same CA certificate in the database in both FDS and AD. Also, the server certs in each database should be issued by the same certificate authority. It is convenient to use the Certificate Authority included with recent Microsoft Windows servers to create a CA certificate to import into both databases. You can then create server certificates using the MSCA and import them into their respective databases. You may also need to import the server certificate from FDS into the database on AD and vice-versa.
Once this is done, you should review and possibly modify the trust attributes on all the certs. As you can see from my examples, I used a scatter-gun approach. You will need to use certutil for all import and modify operations on the certificate databases. "certutil -H" gives a nice reference.

Examples: sibelius=FDS, boccherini=AD, TWCA=CA

    [root@sibelius alias]# ./certutil -L -d . -P slapd-sibelius-
    TWCA          CT,c,c
    boccherini    P,P,P
    server-cert   CTu,cu,cu

    C:\Program Files\RHD Password Sync>certutil -L -d .
    TWCA          CT,C,C
    server-cert   Pu,Pu,Pu
    boccherini    P,P,P

Remember to restart FDS and PassSync after making changes.

-G.

---------- Original Message -----------
From: Paolo Barbato <paolo.barbato@xxxxxxxxxx>
To: fedora-directory-users@xxxxxxxxxx
Sent: Thu, 27 Sep 2007 10:06:40 +0200
Subject: fds vs passsync vs AD

Hi all!

I've successfully installed FDS and the PassSync MSI on Windows AD. I admit that some problems have arisen since the documentation is a bit poor on the SSL part, especially on AD, but then finally I was able to make things work.

I'm facing an odd problem that I'm not able to understand, but probably already discussed on the list. I'm able to keep the password in sync between AD and FDS when I change the password from AD, but not vice versa. Really, from the Windows event log things seem to go right: it tells me that the password has been successfully updated (passwd is issued from Linux). But the stored password is somewhat different. Could it be an encryption problem? Any hints?

Regards, Paolo.
--
Paolo Barbato            email: mailto:paolo.barbato@xxxxxxxxxx
Network Administrator    phone: (39-049)-829-5097 (39-049)-829-5000
Corso Stati Uniti,4      www:   http://www.igi.cnr.it
35127 Camin-Padova       PGP:   http://www.igi.cnr.it/wwwpgp/rfx_paolo_barbato.pgp
ITALY                    JabberID: rfx_paolo_barbato@xxxxxxxxxxxxxxxxxx

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
------- End of Original Message -------
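The trust-attribute review Glenn describes, as an added example (not code from the thread, FDS or PassSync): a POSIX shell function that parses the listing `certutil -L` prints and flags a database where the CA cert lacks the C flag (trusted to issue server certs), the remote server's cert lacks the P flag (trusted peer), or the local server cert has no private key (no u flag). The nicknames TWCA, boccherini and server-cert and the trust strings are taken from the message; the sample listing itself is constructed, and the FDS alias directory path in the comments is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Checks NSS trust flags as printed by
# `certutil -L -d <dir> [-P <prefix>]`. Flag letters in the SSL column:
#   C = trusted CA for server certs, T = trusted CA for client certs,
#   P = trusted peer, c = valid but untrusted CA, u = user cert (key present).

# Constructed sample listing mirroring the FDS database in the message.
SAMPLE_FDS='Certificate Nickname                      Trust Attributes
                                                  SSL,S/MIME,JAR/XPI

TWCA                                              CT,c,c
boccherini                                        P,P,P
server-cert                                       CTu,cu,cu'

# trust_flags LISTING NICKNAME -> prints the SSL-column flags for NICKNAME
# (nicknames are assumed to contain no spaces, as in the thread).
trust_flags() {
    printf '%s\n' "$1" | awk -v nick="$2" \
        '$1 == nick { split($NF, t, ","); print t[1]; exit }'
}

# has_flag FLAGS LETTER -> true if LETTER appears in FLAGS (case-sensitive)
has_flag() {
    case "$1" in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# check_db LISTING CA_NICK PEER_NICK SERVER_NICK
# Prints one line per problem; returns 0 only if all three certs look right.
check_db() {
    listing=$1; ca=$2; peer=$3; server=$4; rc=0
    f=$(trust_flags "$listing" "$ca")
    has_flag "$f" C || { echo "$ca: CA cert lacks C (not trusted to issue server certs): '$f'"; rc=1; }
    f=$(trust_flags "$listing" "$peer")
    has_flag "$f" P || { echo "$peer: remote server cert lacks P (trusted peer): '$f'"; rc=1; }
    f=$(trust_flags "$listing" "$server")
    has_flag "$f" u || { echo "$server: local server cert has no private key (no u flag): '$f'"; rc=1; }
    return $rc
}

# Against the live databases (needs certutil; path is an assumption, not run here):
#   check_db "$(certutil -L -d /opt/fedora-ds/alias -P slapd-sibelius-)" TWCA boccherini server-cert
# and on the AD side, from the PassSync directory:
#   check_db "$(certutil -L -d .)" TWCA sibelius server-cert
# A missing C flag is fixed without re-importing, e.g.:
#   certutil -M -d . -P slapd-sibelius- -n TWCA -t "CT,C,C"

check_db "$SAMPLE_FDS" TWCA boccherini server-cert && echo "FDS db trust flags OK"
```

Run it after every import or `certutil -M`, then restart FDS and PassSync as Glenn says; a database whose CA entry shows `c,c,c` instead of `CT,c,c` will chain-validate nothing, which is exactly the kind of silent one-way failure Paolo reports.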