
Freeipa Sync Agreement

The main cause of most of the problems was insufficient documentation. A section on winsync has been added to the ipa-replica-manage man page.

Has anyone ever managed to set up an AD sync with FreeIPA? The ipasync user was created with the rights described in the documentation.

In the following examples, the AD administrator account is used as the sync user. This is not mandatory, but the user must have access to the sub-structure.

--winsync --passsync=MySecret --cacert=/root/WIN-CA.cer --binddn "cn=administrator,cn=users,dc=ad,dc=example,dc=com.cer" for rawhide.greyoak.com
INFO::root:AD suffix is: DC=greyoak,DC=com
The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=greyoak,dc=com
INFO:root:Add a new sync agreement, wait, Until he's ready.
INFO:root:Replication Seupliation S] in the works: FALSE: Status: 0 No replication session started since the start of the server: Start: 0: End: 0
INFO:root:the agreement is ready to launch replication . . .

Start replication, wait until it's over.
Successful update
Connected 'rawhide.greyoak.com' to 'win2003.greyoak.com'

One of the most common synchronization errors is that the IdM server cannot connect to the Active Directory server:

n=administrator,cn=users,dc=ad,dc=example,dc=com" --bindpw MySecret -v windows.ad.example.com

Delete a winsync replication agreement:

ipa-replica-manage del windows.ad.example.com

Separately, for IPA's replication agreements in a level 1 domain, use IPA; for more information, see “ipa help topology.”

A special user entry is created for the PassSync service. The DN of this entry is uid=passsync,cn=sysaccounts,cn=etc,. You don't need to use PassSync to use a Windows sync agreement, but it is necessary to set a password for the user.

I'm trying to set up a FreeIPA and Active Directory sync based on Red Hat documentation. It turned out that the problem was that it didn't have the replication plugin ds. He was on RHEL 6.1.

– The area should not overlap the identification area of an AD Trust.

A #freep user also had a problem. It would have a “Update in Progress” loop.

It is not clear why IPA did not recognize it, but the upgrade to 6.2beta corrected it for him.

– An area on the bridge can be removed by placing it at 0-0. It is assumed that the area is manually moved or merged elsewhere.

I added a user to AD and I checked that it finally made its way to the IPA.