Hi FreeIpa Community, i'm actually new to the software and have some basic questions. We have linux users in in active directory.
To be more flexible, we would like to install freeipa, import all users from ad and manage all the stuff like ssh, sudo etc. from ipa. 1. Do i need establish a trust first like mentioned here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-one-two-way 2. Or can we just create a sync to import all "linux-users" from ad into ipa and manage them just like ipa-users: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/managing-sync-agmt.html 3. ipa-replica-manage connect --winsync --binddn cn=administrator,cn=users,dc=example,dc=com --bindpw "***" --passsync "***" --cacert /root/dc1.crt dc1.example.com -v getting an error: Traceback (most recent call last): File "/usr/sbin/ipa-replica-manage", line 1607, in <module> main(options, args) File "/usr/sbin/ipa-replica-manage", line 1566, in main add_link(realm, replica1, replica2, dirman_passwd, options) File "/usr/sbin/ipa-replica-manage", line 1118, in add_link if not ds.add_ca_cert(options.cacert): File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1018, in add_ca_cert certdb.load_cacert(cacert_fname, 'C,,') File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 261, in load_cacert (rdn, subject_dn) = get_cert_nickname(cert) File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 67, in get_cert_nickname return (str(dn[0]), dn) File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1170, in __getitem__ return self._get_rdn(self.rdns[key]) IndexError: list index out of range Unexpected error: list index out of range [root@ipa01<mailto:root@ipa01> ~]# uname -r 3.10.0-327.el7.x86_64 [root@ipa01<mailto:root@ipa01> ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) We would appreciate any help, greets, Denis
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project