<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body ocsi="0" fpstyle="1" bgcolor="#FFFFFF">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Ok the error I see repeated in the log is
<br>
<br>
[13/Mar/2014:18:41:21 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:43:11 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:43:14 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:43:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:43:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)<br>
[13/Mar/2014:18:44:33 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:44:44 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:46:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:47:29 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:47:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:47:38 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:47:50 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:48:11 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:48:14 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:48:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:48:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[13/Mar/2014:18:48:56 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)<br>
[root@idm-master-els.ops.boingo.com cacerts]$ <br>
<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF198499"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Rich Megginson [rmeggins@redhat.com]<br>
<b>Sent:</b> Thursday, March 13, 2014 11:43 AM<br>
<b>To:</b> Todd Maugh; freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] [freeipa] Issues with Winsync agreement<br>
</font><br>
</div>
<div></div>
<div>
<div class="moz-cite-prefix">On 03/13/2014 12:29 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">ok so I ran that and Get this output<br>
</div>
</blockquote>
<br>
Ok. Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><br>
<br>
[<a class="moz-txt-link-abbreviated" href="mailto:root@idm-master-els.ops.boingo.com" target="_blank">root@idm-master-els.ops.boingo.com</a> cacerts]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local"
-w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"<br>
dn: cn=Users,dc=bwinc,dc=local<br>
objectClass: top<br>
objectClass: container<br>
cn: Users<br>
description: Default container for upgraded user accounts<br>
distinguishedName: CN=Users,DC=BWINC,DC=local<br>
instanceType: 4<br>
whenCreated: 20060824234034.0Z<br>
whenChanged: 20140306190741.0Z<br>
uSNCreated: 17702<br>
uSNChanged: 17702<br>
showInAdvancedViewOnly: FALSE<br>
name: Users<br>
objectGUID:: kCZ7CbnIZk+0GpmCr3PCfw==<br>
systemFlags: -1946157056<br>
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=BWINC,DC=local<br>
isCriticalSystemObject: TRUE<br>
dSCorePropagationData: 20140306234416.0Z<br>
dSCorePropagationData: 20140306234348.0Z<br>
dSCorePropagationData: 20140306225101.0Z<br>
dSCorePropagationData: 20140306225055.0Z<br>
dSCorePropagationData: 16010101000000.0Z<br>
<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF858776" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Wednesday, March 12, 2014 3:47 PM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] [freeipa] Issues with Winsync agreement<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 03/12/2014 04:39 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">thanks Rich,<br>
<br>
when I run that I get the following:<br>
<br>
<br>
<b><font color="FF0000">[<a class="moz-txt-link-abbreviated" href="mailto:root@idm-master-els.ops.boingo.com" target="_blank">root@idm-master-els.ops.boingo.com</a> ipa]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local
-D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" s base -b "cn=Users,dc=bwinc,dc=local"<br>
ldap_bind: Invalid credentials (49)<br>
</font></b></div>
</blockquote>
<br>
<font color="FF0000"><b>Invalid cre<font color="FF0000">dentials almost always means your password "XXXXXX" is not correct for user "</font></b></font><b><font color="FF0000">cn=idmadmin,cn=Users,dc=bwinc,dc=local"<br>
<br>
</font></b>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><b><font color="FF0000"> additional info: 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580<br>
</font></b><br>
<br>
<br>
<div style="font-family:Times New Roman; color:#000000; font-size:16px">
<hr tabindex="-1">
<div id="divRpF268373" style="direction:ltr"><font size="2" color="#000000" face="Tahoma"><b>From:</b> Rich Megginson [<a class="moz-txt-link-abbreviated" href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>]<br>
<b>Sent:</b> Wednesday, March 12, 2014 3:30 PM<br>
<b>To:</b> Todd Maugh; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> Re: [Freeipa-users] [freeipa] Issues with Winsync agreement<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">On 03/12/2014 04:18 PM, Todd Maugh wrote:<br>
</div>
<blockquote type="cite"><style id="owaParaStyle" type="text/css">
<!--
p
{margin-top:0;
margin-bottom:0}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
body
{direction:ltr;
font-family:Tahoma;
color:#000000;
font-size:10pt}
p
{margin-top:0;
margin-bottom:0}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}</style>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">Hello.<br>
<br>
I'm using latest IPA build on red hat 6.5<br>
<br>
I retrieved my CA cert from the AD Domain controller<br>
<br>
I try to set up my winsyncagreement and I am getting this<br>
<br>
<br>
<br>
[<a class="moz-txt-link-abbreviated" href="mailto:root@idm-master-els.ops.boingo.com" target="_blank">root@idm-master-els.ops.boingo.com</a> ipa]$ ipa-replica-manage connect --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc, dc=local" --bindpw "XXXXXX" --passsync
"XXXXXX" --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local<br>
Directory Manager password: <br>
<br>
Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to certificate database for idm-master-els.ops.boingo.com<br>
ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local<br>
ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}<br>
Failed to setup winsync replication<br>
<br>
<br>
not sure where to look for the logs for this to see what the invalivd credentials are or wether this might still be a cert issue or a log in issue or what not?<br>
</div>
</blockquote>
<br>
You can test with ldapsearch like this:<br>
<br>
$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"<br>
<br>
<blockquote type="cite">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><br>
<br>
Thanks in advance for the help<br>
<br>
-Todd<br>
<br>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader" target="_blank"></fieldset> <br>
<pre>_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</body>
</html>