<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 03/02/2011 07:40 PM, Sayid Munawar wrote:
<blockquote
cite="mid:AANLkTiksH-CtW=uixK7ZJNugmK3JB_sG4V7cADZcO3Ek@mail.gmail.com"
type="cite">Dear,
<div><br>
</div>
<div>I have successfully installed freeipa-server 2 rc2. and
create some test user and tested machine enrollment. now, what i
want to do next is sync all my windows 2008r2 AD accounts. i've
got already get the cert needed, and tested it with ldapsearch
tools in the same host as the freeipa-server. so i assume that
AD connection is ok. but when i did ipa-manage-replica, it
complaints about "Can't connect LDAP server". here it is:</div>
<div><br>
</div>
<div>
<div>[root@yk ~]# ipa-replica-manage connect --winsync --binddn
"cn=Fedora DS,ou=JogjaCamp,dc=dot,dc=jc" --bindpw "somesecret"
--cacert /root/jcamp-DC1-buat-389DirServ.cer --passsync
secretagain -p anothersecret DC1.DOT.JC</div>
<div><br>
</div>
<div>Added CA certificate /root/jcamp-DC1-buat-389DirServ.cer to
certificate database for yk.nix.jc</div>
<div>ipa: INFO: Failed to connect to AD server dc1.dot.jc</div>
<div>ipa: INFO: The error was: {'info': 'TLS error -8179:Unknown
code ___f 13', 'desc': "Can't contact LDAP server"}</div>
<div>ipa: INFO: Continuning ...</div>
<div>The user for the Windows PassSync service is
uid=passsync,cn=sysaccounts,cn=etc,dc=nix,dc=jc</div>
<div>Windows PassSync entry exists, not resetting password</div>
<div>ipa: INFO: Added new sync agreement, waiting for it to
become ready . . .</div>
<div>ipa: INFO: Replication Update in progress: FALSE: status: 0
No replication sessions started since server startup: start:
0: end: 0</div>
<div>ipa: INFO: Agreement is ready, starting replication . . .</div>
<div>Starting replication, please wait until this has completed.</div>
<div>Can't contact LDAP server</div>
</div>
</blockquote>
Is your ldap server running after this?<br>
What is your platform?<br>
What version of 389-ds-base? rpm -qi 389-ds-base<br>
<blockquote
cite="mid:AANLkTiksH-CtW=uixK7ZJNugmK3JB_sG4V7cADZcO3Ek@mail.gmail.com"
type="cite">
<div>
<div>[root@yk ~]# </div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>- I have no idea why AD connection is fail here, while it was
ok with ldapsearch tool. any clue ?</div>
<div><br>
</div>
<div>- and one more question: what is --passsync argument for? is
it for foce setting a "new password" for passsync user, or we
have to first define a password for passsync user ?</div>
<div><br>
</div>
<div>TIA</div>
<div><br>
</div>
<div>Sayid Munawar</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>