laurent2.perrin--- via FreeIPA-users wrote:
Hi,
I'm trying to set up FreeIPA and Active Directory synchronisation following the Red Hat documentation (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...).
The ipa-replica-manage command returns success, but no users are imported into FreeIPA:
ipa-replica-manage connect --winsync --binddn='cn=ipasync,cn=Users,dc=ipa,dc=local' --bindpw='####' --passsync #### --cacert ipa-a-v
Directory Manager password:
Added CA certificate ipa-ad.cloud.620nm.net.cer to certificate database for ipa.cloud.620nm.net
ipa: INFO: AD Suffix is: DC=ipa,DC=local
The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=ipa,dc=cloud,dc=620nm,dc=net
Windows PassSync system account exists, not resetting password
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: Error (0) Replica acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
Update in progress, 2 seconds elapsed
Update succeeded
The ipasync user has been created with the rights as described in the documentation.
In the FreeIPA logs, I didn't find any error message that could explain why users are not imported.
Are your AD users under DC=ipa,DC=local?
Have you considered using AD trust instead of sync?
rob