[Freeipa-users] [freeipa] Issues with Winsync agreement

Rich Megginson rmeggins at redhat.com
Wed Mar 12 22:47:42 UTC 2014


On 03/12/2014 04:39 PM, Todd Maugh wrote:
> thanks Rich,
>
> when I run that I get the following:
>
>
> [root at idm-master-els.ops.boingo.com ipa]$
> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ
> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local"
> -w "XXXXXX" s base -b "cn=Users,dc=bwinc,dc=local"
> ldap_bind: Invalid credentials (49)
>

Invalid credentials almost always means your password "XXXXXX" is not
correct for user "cn=idmadmin,cn=Users,dc=bwinc,dc=local"

>     additional info: 80090308: LdapErr: DSID-0C0903C5, comment:
> AcceptSecurityContext error, data 52e, v2580
>
>
>
> ------------------------------------------------------------------------
> *From:* Rich Megginson [rmeggins at redhat.com]
> *Sent:* Wednesday, March 12, 2014 3:30 PM
> *To:* Todd Maugh; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>
> On 03/12/2014 04:18 PM, Todd Maugh wrote:
>> Hello.
>>
>> I'm using the latest IPA build on Red Hat 6.5
>>
>> I retrieved my CA cert from the AD Domain controller
>>
>> I try to set up my winsync agreement and I am getting this
>>
>>
>>
>> [root at idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage connect 
>> --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc, dc=local" 
>> --bindpw "XXXXXX" --passsync "XXXXXX" 
>> --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
>> Directory Manager password:
>>
>> Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to 
>> certificate database for idm-master-els.ops.boingo.com
>> ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
>> ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5, 
>> comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 
>> 'Invalid credentials'}
>> Failed to setup winsync replication
>>
>>
>> not sure where to look for the logs for this to see what the invalid
>> credentials are or whether this might still be a cert issue or a
>> login issue or what not?
>
> You can test with ldapsearch like this:
>
> $ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ -h 
> adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w 
> "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
>
>>
>>
>> Thanks in advance for the help
>>
>> -Todd
>>
>>
>>
>>
>
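
Added example, not part of the original messages: a Python sketch that decodes the "data" sub-code in the AD bind diagnostic quoted in this thread, so a bad password can be told apart from a locked-out, disabled or expired account. The function name decode_ad_bind_error and the sample strings are constructed for illustration; the table lists the standard Win32 logon error codes.

```python
import re

# Win32 logon error codes that Active Directory reports, in hex, as the
# "data" field of a failed LDAP bind (the 52e in this thread is one of them).
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "bind user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "user name or password is incorrect"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not allowed at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password has expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account is disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account has expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account is locked out"),
}

_DIAG = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),\s*v[0-9A-Fa-f]+")

def decode_ad_bind_error(text):
    """Decode the first AD bind diagnostic found in text; None if absent."""
    # Output pasted from mail or a terminal is wrapped and may carry "> "
    # quoting, so strip line prefixes and collapse whitespace before matching.
    flat = re.sub(r"\s+", " ", re.sub(r"(?m)^[ \t>*]+", "", text))
    m = _DIAG.search(flat)
    if m is None:
        return None
    win32 = int(m.group("data"), 16)
    name, meaning = AD_BIND_SUBCODES.get(win32, (None, "unrecognised sub-code"))
    return {"dsid": m.group("dsid"), "comment": m.group("comment"),
            "data": m.group("data").lower(), "win32": win32,
            "name": name, "meaning": meaning}

# Constructed samples: both reproduce the wrapped error text quoted in this thread.
LDAPSEARCH_OUT = """> ldap_bind: Invalid credentials (49)
> *    additional info: 80090308: LdapErr: DSID-0C0903C5, comment:
> AcceptSecurityContext error, data 52e, v2580"""
IPA_OUT = """>> ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5,
>> comment: AcceptSecurityContext error, data 52e, v2580', 'desc':
>> 'Invalid credentials'}"""

if __name__ == "__main__":
    for sample in (LDAPSEARCH_OUT, IPA_OUT):
        print(decode_ad_bind_error(sample))
```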
