[Freeipa-users] FreeIPA & Windows AD Replication
Matt
ops at 100percentit.com
Tue May 22 09:18:33 UTC 2012
Hi,
I am attempting to run replication between Windows AD (2008R2) and a
FreeIPA (2.2.0) server (fc-17) in a test setup.
I have bound FreeIPA to the AD server 'successfully':
[root@ipa2 cacerts]# ipa-replica-manage connect --winsync --binddn
"CN=Administrator,CN=Users,DC=IPA,DC=100it,DC=net" --bindpw <Password>
--passsync <Password> --cacert /etc/openldap/cacerts/AD.cer -v
ipa.100it.net -p <Password>
Added CA certificate /etc/openldap/cacerts/AD.cer to certificate
database for ipa2.100it.net
ipa: INFO: AD Suffix is: DC=IPA,DC=100it,DC=net
The user for the Windows PassSync service is
uid=passsync,cn=sysaccounts,cn=etc,dc=100it,dc=net
Windows PassSync entry exists, not resetting password
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: -11 - System
error: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
[ipa2.100it.net] reports: Update failed! Status: [-11 - System error]
Failed to start replication
The server now shows in the replica list:
[root@ipa2 ~]# ipa-replica-manage list -p <password>
ipa.100it.net: winsync
ipa2.100it.net: master
But any attempts to re-initialise the connection result in the same
"[-11 - System error]" message:
[root@ipa2 ~]# ipa-replica-manage re-initialize --from ipa.100it.net -p
<password>
[ipa2.100it.net] reports: Update failed! Status: [-11 - System error]
There are no messages that relate to the connection in event viewer and
nothing other than "[-11 - System error]" in any of the FreeIPA log files.
Thanks
Matt