<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I am having a look at the documentation again..<br>
<br>
And having version 1.1.6 of the PassSync tool means: <br>
<p>[**] 389-PassSync-1.1.6 disables SSLv3 by default.</p>
<br>
And I can see in the LDAP Info from IPA that SSLv3 and SSLv2 are
OFF. So, "theoretically", it should work as SSLv3 is disabled on
both?<br>
<br>
thanks!<br>
<br>
<div class="moz-cite-prefix">On 13/03/2015 19:04,
<a class="moz-txt-link-abbreviated" href="mailto:g.fer.ordas@unicyber.co.uk">g.fer.ordas@unicyber.co.uk</a> wrote:<br>
</div>
<blockquote
cite="mid:fbf5f0d7e0168bfe0460856cd49af418@unicyber.co.uk"
type="cite">
<br>
Thanks to everyone for the replies.
<br>
<br>
The installed version for the passsync is 1.1.6 and using the
latest I got in RPMs from centos7 so the following:
<br>
89-ds-base-1.3.1.6-26.el7_0.x86_64
<br>
389-ds-base-libs-1.3.1.6-26.el7_0.x86_64
<br>
sssd-ipa-1.11.2-68.el7_0.6.x86_64
<br>
ipa-python-3.3.3-28.0.1.el7.centos.3.x86_64
<br>
ipa-admintools-3.3.3-28.0.1.el7.centos.3.x86_64
<br>
libipa_hbac-1.11.2-68.el7_0.6.x86_64
<br>
ipa-server-3.3.3-28.0.1.el7.centos.3.x86_64
<br>
ipa-client-3.3.3-28.0.1.el7.centos.3.x86_64
<br>
libipa_hbac-python-1.11.2-68.el7_0.6.x86_64
<br>
<br>
I haven't installed anything manually but using the Centos'
Repos...
<br>
<br>
thanks!!!
<br>
<br>
<br>
<br>
<br>
On 2015-03-13 17:02, Dmitri Pal wrote:
<br>
<blockquote type="cite">On 03/13/2015 12:45 PM,
<a class="moz-txt-link-abbreviated" href="mailto:g.fer.ordas@unicyber.co.uk">g.fer.ordas@unicyber.co.uk</a> wrote:
<br>
<br>
<blockquote type="cite">Hi
<br>
<br>
I am going forward with a Password Sync AD (Windows 2013) ---- FreeIPA
<br>
<br>
ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.
<br>
<br>
I got the Password Sync Tool installed in the Windows2013 box
and I have created a user with its related password as I am trying
to test the password changes...
<br>
<br>
Looking at the access logs I can see the following related to
the Sync Process:
<br>
<br>
--------
<br>
<br>
[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
<br>
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
<br>
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
<br>
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
<br>
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
<br>
[13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
<br>
[13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
<br>
[13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection from AD.Server to FreeIPA.Server
<br>
[13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer reports incompatible or unsupported protocol version.
<br>
--------
<br>
<br>
So the passwords do not seem to be copied across.
<br>
Any idea why this is happening and how to troubleshoot it?
<br>
<br>
Many Thanks
<br>
</blockquote>
This might be related to one of the vulnerabilities that was
found last year. Make sure that you have the latest available
versions on both sides. If you have a mismatch then the client might
not talk the TLS version that the server expects or vice versa.
<br>
<br>
--
<br>
Thank you,
<br>
Dmitri Pal
<br>
<br>
Sr. Engineering Manager IdM portfolio
<br>
Red Hat, Inc.
<br>
</blockquote>
<br>
</blockquote>
<br>
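Added example, not part of the original thread and not code from the 389-ds or FreeIPA projects: a small parser that pairs each connection-open line in the access log with its close reason and reports which peer keeps failing the TLS version negotiation. It assumes the line layout shown in the excerpt above; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# First entries of the access-log excerpt from the thread (host names as posted).
SAMPLE_LOG = """\
[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
"""

STAMP = r"\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) "
OPEN_RE = re.compile(STAMP + r"fd=\d+ slot=\d+ (?:SSL )?connection from (?P<peer>\S+) to \S+")
CLOSE_RE = re.compile(STAMP + r"op=-1 fd=\d+ closed - (?P<reason>.+)")
MISMATCH = "incompatible or unsupported protocol version"


def tls_version_failures(log_text):
    """Map each peer to the times its connections closed on a protocol version mismatch."""
    peers = {}                    # conn id -> peer that opened the connection
    failures = defaultdict(list)  # peer -> [datetime, ...]
    for line in log_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            peers[m["conn"]] = m["peer"]
            continue
        m = CLOSE_RE.match(line)
        if m and MISMATCH in m["reason"]:
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            failures[peers.pop(m["conn"], "unknown")].append(when)
    return dict(failures)


def retry_gaps(times):
    """Seconds between consecutive failures; doubling gaps are consistent with one client backing off."""
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for peer, times in tls_version_failures(SAMPLE_LOG).items():
        print(peer, len(times), "handshake failures, gaps (s):", retry_gaps(times))
```

Every failure in the excerpt comes from the same peer and no LDAP operation is ever logged on those connections, which places the problem in the TLS handshake rather than in the bind or the password modify.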
</body>
</html>