<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/13/2015 12:45 PM,
<a class="moz-txt-link-abbreviated" href="mailto:g.fer.ordas@unicyber.co.uk">g.fer.ordas@unicyber.co.uk</a> wrote:<br>
</div>
<blockquote
cite="mid:131d63e5c051862842579ef4efd40591@unicyber.co.uk"
type="cite">
<pre>Hi
I am going forward with a Password Sync AD (Windows 2013) ---- FreeIPA</pre>
<p class="p1"><span class="s1">ipa</span>-server-3.3.3-28.0.1.el7
on a CentOS 7 box.</p>
<p class="p1">I got the Password Sync Tool installed on the
Windows 2013 box and I have created a user with its related
password as I am trying to test the password changes...</p>
<p class="p1">Looking at the access logs I can see the following
related to the Sync Process:</p>
<p class="p1">--------</p>
<pre>[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer reports incompatible or unsupported protocol version.
--------
So the passwords do not seem to be copied across.
Any idea why this is happening and how to troubleshoot it?
</pre>
<p>Many Thanks</p>
</blockquote>
This might be related to one of the vulnerabilities that was
found last year. Make sure that you have the latest available
versions on both sides. If you have a mismatch then the client might
not talk the TLS version that the server expects or vice versa.<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
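<p>An added example, not part of the original thread and not FreeIPA or 389-ds code: one way to pull the rejected TLS handshakes out of the directory server access log shown above and group them by peer, which shows which client is failing protocol-version negotiation and over what period. The function name and the conn=20 lines are assumptions constructed for the example.</p>

```python
import re
from collections import defaultdict

# Sample access-log lines: the first five are copied from the post above;
# the conn=20 lines are constructed here to show a connection that is not flagged.
SAMPLE_LOG = """\
[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:30:00 -0700] conn=20 fd=83 slot=83 SSL connection from Other.Client to FreeIPA.Server
[13/Mar/2015:09:30:00 -0700] conn=20 op=0 BIND dn="" method=128 version=3
[13/Mar/2015:09:30:05 -0700] conn=20 op=1 fd=83 closed - U1
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPEN = re.compile(r"SSL connection from (?P<src>\S+) to (?P<dst>\S+)")
CLOSED = re.compile(r"op=(?P<op>-?\d+) fd=\d+ closed - (?P<reason>.*)$")
MISMATCH = "incompatible or unsupported protocol version"


def tls_version_failures(log_text):
    """Return {peer: [timestamps]} for SSL connections that were closed
    before any LDAP operation (op=-1) with a protocol-version error."""
    peers = {}                     # conn id -> source of the SSL connection
    failures = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, rest = m["conn"], m["rest"]
        opened = OPEN.search(rest)
        if opened:
            peers[conn] = opened["src"]
            continue
        closed = CLOSED.search(rest)
        if closed:
            # Forget the conn id once closed so a later reuse is not misattributed.
            src = peers.pop(conn, "unknown")
            if closed["op"] == "-1" and MISMATCH in closed["reason"]:
                failures[src].append(m["ts"])
    return dict(failures)


if __name__ == "__main__":
    for peer, stamps in tls_version_failures(SAMPLE_LOG).items():
        print(f"{peer}: {len(stamps)} rejected, first {stamps[0]}, last {stamps[-1]}")
```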
</body>
</html>