[Fedora-directory-users] SSH help

Richard Megginson rmeggins at redhat.com
Sat Apr 14 03:27:25 UTC 2007


Dennis Crissman wrote:
> I am really struggling to get Fedora Directory Server working using 
> ADSync. I am confused on a lot of fronts, it would be fair to say I am 
> a newbie when it comes to SSH, CAs, and synchronizing anything against 
> Active Directory. So I am at a disadvantage to start with.
>
> I have been using 
> http://directory.fedoraproject.org/wiki/Howto:WindowsSync for my 
> instruction base as well as 
> http://directory.fedoraproject.org/wiki/Howto:SSL for setting up FDS 
> to use SSL.
>
> Here are my steps so far:
> 1) Install and set up FDS and create my directory server. So far so good.
> 2) Execute setupssl.sh from the Howto:SSL link above.
>     * As far as I can tell this script automates everything in "Basic 
> Steps", so correct me if I am wrong, but I shouldn't have to actually 
> do any of them after running the script?
Correct.
> 3) Restart both my admin and directory servers.
>
> After I have restarted my servers, it would seem to me that FDS would 
> be exclusively accessible over port 636. So I use an LDAP Browser to 
> verify, and it turns out that 389 is still available and the other 
> isn't. Why is this?
It should listen to both 389 and 636.  Check the error log, do netstat 
-an | grep 636, and use ldapsearch instead of LDAP Browser to verify.
>
> At this point I decide to move onto another step 
> (http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_for_PassSync) 
> in the instructions and set up ADSync on the Active Directory box. 
> Install goes fine, though I am obviously unable to get it to connect 
> to the FDS yet.
>
> I am able to create the cert8.db, but then hit a roadblock again when 
> I try to execute "pk12util -d . -P slapd-<instance> -o servercert.p12 
> -n Server-Cert", and yes I swap <instance> for my host name. I get 
> this exception: "pk12util: find user certs from nickname failed: 
> security library: bad database.". Any idea?
I think you can skip this step.  But when you give the -P argument, do 
not forget the trailing dash - the prefix (-P) is really slapd-instance-
>
> I know this is a lot, but I would appreciate any help I can get.
>
> Thank you,
> Dennis


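Added example, not part of the original message or of the Fedora DS scripts: the trailing-dash point from the reply above, written as a shell check to run before pk12util. It assumes the legacy NSS file naming, in which the tools open `<prefix>cert8.db` and `<prefix>key3.db` in the directory given with -d; the function names and the instance name in the comments are hypothetical.

```shell
#!/bin/sh
# Assumption: legacy NSS databases are stored as <prefix>cert8.db and
# <prefix>key3.db, so a prefix without its trailing dash points at files
# that do not exist (e.g. slapd-ldap1cert8.db instead of
# slapd-ldap1-cert8.db). "ldap1" is a hypothetical instance name.

# has_nss_db DIR PREFIX: true when both database files exist for PREFIX.
has_nss_db() {
    [ -f "$1/${2}cert8.db" ] && [ -f "$1/${2}key3.db" ]
}

# check_nss_prefix DIR PREFIX
# Prints and returns:
#   ok            (0)  both files exist for PREFIX as given
#   missing-dash  (1)  files exist only for PREFIX followed by "-"
#   not-found     (2)  no matching database files in DIR
check_nss_prefix() {
    dir=$1
    prefix=$2
    if has_nss_db "$dir" "$prefix"; then
        echo ok
        return 0
    fi
    case $prefix in
        *-) ;;  # already ends with a dash, nothing more to try
        *)
            if has_nss_db "$dir" "${prefix}-"; then
                echo missing-dash
                return 1
            fi
            ;;
    esac
    echo not-found
    return 2
}

# Stand-alone use: sh check_prefix.sh <db-dir> <prefix>
if [ "$#" -eq 2 ]; then
    check_nss_prefix "$1" "$2"
fi
```

A `missing-dash` result means the value passed to -P needs the trailing dash appended, as described in the reply.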