On Fri, 14 Oct 2011, Rob Crittenden wrote: > Alexander Bokovoy wrote: > >On Thu, 13 Oct 2011, Rob Crittenden wrote: > >>Added more detailed information on creating a winsync replica to the > >>ipa-replica-manage man page. > > > >>+Creating a Windows AD Synchronization agreement is similar to creating an > >>IPA replication agreement, there are just a couple of extra steps: > >>+.TP > >>+1. Transfer the base64\-encoded Windows AD CA Certficate to your IPA Server > >>+.TP > >>+2. Remove any existing kerberos credentials > >>+ # kdestroy > >>+.TP > >>+3) Add the winsync replication agreement > >>+ # ipa\-replica\-manage connect \-\-winsync > >>\-\-passsync=<bindpwd_for_syncuser_that will_be_used_for_agreement> > >>\-\-cacert=/path/to/adscacert/WIN\-CA.cer \-\-binddn > >>"cn=administrator,cn=users,dc=ipa,dc=qe" \-\-bindpw > >><ads_administrator_password> \-v<adserver.fqdn> > >Could you please make DN similar to what is below? There will be > >confusion: > > Done. I also added a bit about the PassSync user and the AD bind dn. ACK
-- / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
