[Freeipa-users] Sync with AD error

Sigbjørn Lie sigbjorn at nixtra.com
Fri Mar 11 20:30:05 UTC 2011


On 03/11/2011 09:16 PM, Rob Crittenden wrote:
> Sigbjørn Lie wrote:
>> Hi,
>>
>> I just upgraded my FreeIPA @ F14 to 2.0.0.rc3, and attempted to add a
>> sync agreement with Active Directory.
>>
>> Added CA certificate /root/testing-ca.cer to certificate database for
>> ipasrv01.ix.testing.com
>> ipa: INFO: AD Suffix is: DC=ad,DC=testing,DC=com
>> The user for the Windows PassSync service is
>> uid=passsync,cn=sysaccounts,cn=etc,dc=ix,dc=testing,dc=com
>> Windows PassSync entry exists, not resetting password
>> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
>> ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
>> acquired successfully: Incremental update succeeded: start:
>> 20110311195207Z: end: 20110311195207Z
>> ipa: INFO: Agreement is ready, starting replication . . .
>> ipa: INFO: Failed to create public entry for winsync replica
>> Starting replication, please wait until this has completed.
>> Update succeeded
>> Connected 'ipasrv01.ix.testing.com' to 'addc01.ad.testing.com'
>>
>>
>> Now I can't list the sync agreements. All I get is:
>>
>> # ipa-replica-manage list
>> unexpected error: * not found
>>
>> Any ideas?
>
> Can you try running /usr/sbin/ipa-ldap-updater?
>
> The problem is this didn't run at install so the spot in the DIT to 
> store windows replication agreement info wasn't created, so it 
> couldn't be added (the Failed to create public entry for winsync 
> replica part).
>
> Once you've run ipa-ldap-updater you can add the info with something 
> like:
>
> ldapmodify -x -D 'cn=directory manager' -W
> dn: cn=addc01.ad.testing.com,cn=replicas,cn=ipa,cn=etc,dc=ix,dc=testing,dc=com
> changetype: add
> objectclass: nsContainer
> objectclass: ipaConfigObject
> cn: addc01.ad.testing.com
> ipaConfigString: winsync:ipasrv01.ix.testing.com
> <add an extra RETURN>
>
> ^D to quit
>
Hi,

Thank you. I tried this, the ipa-ldap-updater script updated and created 
quite a few entries and exited without any errors. I then added the info 
as you suggested, also without any errors. However listing replicas 
still doesn't work. Actually, running force-sync or re-initialize yells 
exactly the same error message.

# ipa-replica-manage list
unexpected error: * not found




Rgds,
Siggi



