Mister Anonyme
2008-Aug-26 17:15 UTC
[Fedora-directory-users] SSL communication between AD and DS
Hi,

This is driving me crazy.... I'm trying to set up an SSL communication between Directory Server and AD. Without SSL, the synchronization works very well, I can see all user accounts in DS, but I need SSL to be able to synchronize the passwords as well.

So, here is what I did:

On AD, I opened IE on this following address: http://localhost/certsrv/

I requested a new certificate and installed it. I can see the new certificate in MMC console, in Certificate->Personal->Certificates.

After, I exported the CA Certificate from DS like this:

    pk12util -d . -o CAcert.pfx -n CAcert

I transferred the file to AD and imported it right here: MMC Console->Certificate->Trusted Root Certification Authorities->Certificates

Then, I exported the CA Certificate (from AD) from the same directory as above and imported it in DS with the DS Console (section Manage Certificates->CA Certs).

I tested the communication by doing this:

    /usr/lib/mozldap6/ldapsearch -Z -P /etc/dirsrv/slapd-myinst/cert8.db -h 1.1.1.1 -p 636 -D "cn=Windows Sync,cn=users,dc=domain,dc=local" -w _PASS_ -s sub -b "ou=users,dc=domain,dc=local" "(objectClass=*)"

Works well, I have a listing of user accounts.

Then, I re-created a new Windows Sync agreement (with SSL and port 636) and I'm always getting this following error:

    The consumer initialization has unsuccessfully completed. The error received by the replica is: 48 - LDAP error: Inappropriate authentication

Thank you for your help in advance.
Mister Anonyme
2008-Aug-26 19:25 UTC
RE: [Fedora-directory-users] SSL communication between AD and DS
Hi,

Shame on me... I forgot to restart the LDAP server to activate the SSL.