[Freeipa-users] [freeipa] Issues with Winsync agreement
Rich Megginson
rmeggins at redhat.com
Wed Mar 12 22:30:28 UTC 2014
On 03/12/2014 04:18 PM, Todd Maugh wrote:
> Hello.
>
> I'm using latest IPA build on red hat 6.5
>
> I retrieved my CA cert from the AD Domain controller
>
> I try to set up my winsyncagreement and I am getting this
>
>
>
> [root at idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage connect
> --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc, dc=local"
> --bindpw "XXXXXX" --passsync "XXXXXX"
> --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
> Directory Manager password:
>
> Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to
> certificate database for idm-master-els.ops.boingo.com
> ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
> ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5,
> comment: AcceptSecurityContext error, data 52e, v2580', 'desc':
> 'Invalid credentials'}
> Failed to setup winsync replication
>
>
> not sure where to look for the logs for this to see what the invalivd
> credentials are or wether this might still be a cert issue or a log in
> issue or what not?
You can test with ldapsearch like this:
$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ -h
adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w
"XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
>
>
> Thanks in advance for the help
>
> -Todd
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140312/05dfcbb8/attachment.htm>
More information about the Freeipa-users
mailing list