08-26-2008, 05:14 PM
Mister Anonyme
SSL communication between AD and DS

Hi,

This is driving me crazy....

I'm trying to set up SSL communication between Directory Server and AD.

Without SSL, the synchronization works very well, I can see all user accounts in DS, but I need SSL to be able to synchronize the passwords as well.

So, here is what I did:

On AD, I opened IE at the following address:

http://localhost/certsrv/

I requested a new certificate and installed it. I can see the new certificate in the MMC console, in Certificate->Personal->Certificates.

Afterwards, I exported the CA Certificate from DS like this:

pk12util -d . -o CAcert.pfx -n CAcert

I transferred the file to AD and imported it right here:

MMC Console->Certificate->Trusted Root Certification Authorities->Certificates

Then, I exported the CA Certificate (from AD) from the same directory as above and imported it into DS with the DS Console (section Manage Certificates->CA Certs).

I tested the communication by doing this:

/usr/lib/mozldap6/ldapsearch -Z -P /etc/dirsrv/slapd-myinst/cert8.db -h 1.1.1.1 -p 636 -D "cn=Windows Sync,cn=users,dc=domain,dc=local" -w _PASS_ -s sub -b "ou=users,dc=domain,dc=local" "(objectClass=*)"

It works well; I have a listing of user accounts.

Then, I re-created a new Windows Sync agreement (with SSL and port 636) and I'm always getting the following error:


The consumer initialization has unsuccessfully completed.
The error received by the replica is: 48 - LDAP error: Inappropriate authentication

Thank you for your help in advance.



--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 
 
08-26-2008, 07:25 PM
Mister Anonyme
SSL communication between AD and DS

Hi,

Shame on me... I forgot to restart the LDAP server to activate the SSL.


From: benetage@hotmail.com
To: fedora-directory-users@redhat.com
Date: Tue, 26 Aug 2008 13:15:17 -0400
Subject: [Fedora-directory-users] SSL communication between AD and DS









--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
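
The CA import described in the first post can be checked on the DS side before a sync agreement is created. The script below is an added example, not part of the thread: it reads the listing that `certutil -L` prints for an NSS database and reports whether a given CA nickname is trusted for SSL. The sample listing and all nicknames in it are constructed.

```shell
#!/bin/sh
# Added example: check how a peer CA certificate is trusted in an NSS database,
# working from the text that `certutil -L -d <dbdir>` prints.

# Constructed sample listing; every nickname below is made up.
SAMPLE_LISTING='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
AD Root CA                                                   CT,,
Server-Cert                                                  u,u,u
Untrusted Import                                             ,,'

# trust_flags LISTING NICKNAME: print the trust string of the named entry,
# or fail if the nickname is not in the listing.
trust_flags() {
    printf '%s\n' "$1" | awk -v nick="$2" '
        { flags = $NF; name = $0
          sub(/ +[^ ]+ *$/, "", name)      # drop the trailing flags column
          if (name == nick) { print flags; found = 1; exit } }
        END { if (!found) exit 1 }'
}

# check_peer_ca LISTING NICKNAME
#   0 = trusted as a CA for SSL (C in the first field), no private key here
#   1 = nickname not found
#   2 = present but not trusted as a CA for SSL
#   3 = "u" flag set: the private key for this certificate is in the database,
#       which should only be true for certificates this host owns
check_peer_ca() {
    flags=$(trust_flags "$1" "$2") || return 1
    ssl=${flags%%,*}                       # SSL is the first of three fields
    case $ssl in
        *u*) return 3 ;;
        *C*) return 0 ;;
        *)   return 2 ;;
    esac
}

# Demo over the constructed listing. Against a live instance, pass
# "$(certutil -L -d /etc/dirsrv/slapd-myinst)" as the first argument.
for nick in "AD Root CA" "CA certificate" "Untrusted Import" "Missing CA"; do
    rc=0
    check_peer_ca "$SAMPLE_LISTING" "$nick" || rc=$?
    printf '%-18s -> %d\n' "$nick" "$rc"
done
```

A PKCS#12 file written by pk12util carries the private key along with the certificate, whereas `certutil -L -d . -n CAcert -a` writes only the certificate in ASCII form.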
 
