[Freeipa-users] [freeipa] Issues with Winsync agreement

Rich Megginson rmeggins at redhat.com
Thu Mar 13 18:43:42 UTC 2014


On 03/13/2014 12:29 PM, Todd Maugh wrote:
> ok so I ran that and get this output

Ok.  Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors

>
>
> [root at idm-master-els.ops.boingo.com cacerts]$ 
> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ 
> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" 
> -w "XXXXXX"  -s base -b "cn=Users,dc=bwinc,dc=local"
> dn: cn=Users,dc=bwinc,dc=local
> objectClass: top
> objectClass: container
> cn: Users
> description: Default container for upgraded user accounts
> distinguishedName: CN=Users,DC=BWINC,DC=local
> instanceType: 4
> whenCreated: 20060824234034.0Z
> whenChanged: 20140306190741.0Z
> uSNCreated: 17702
> uSNChanged: 17702
> showInAdvancedViewOnly: FALSE
> name: Users
> objectGUID:: kCZ7CbnIZk+0GpmCr3PCfw==
> systemFlags: -1946157056
> objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=BWINC,DC=local
> isCriticalSystemObject: TRUE
> dSCorePropagationData: 20140306234416.0Z
> dSCorePropagationData: 20140306234348.0Z
> dSCorePropagationData: 20140306225101.0Z
> dSCorePropagationData: 20140306225055.0Z
> dSCorePropagationData: 16010101000000.0Z
>
> ------------------------------------------------------------------------
> *From:* Rich Megginson [rmeggins at redhat.com]
> *Sent:* Wednesday, March 12, 2014 3:47 PM
> *To:* Todd Maugh; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>
> On 03/12/2014 04:39 PM, Todd Maugh wrote:
>> thanks Rich,
>>
>> when I run that  I get the following:
>>
>>
>> [root at idm-master-els.ops.boingo.com ipa]$ 
>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ 
>> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" 
>> -w "XXXXXX" s base -b "cn=Users,dc=bwinc,dc=local"
>> ldap_bind: Invalid credentials (49)
>>
>
> Invalid credentials almost always means your password "XXXXXX" is not 
> correct for user "cn=idmadmin,cn=Users,dc=bwinc,dc=local"
>
>> additional info: 80090308: LdapErr: DSID-0C0903C5, comment: 
>> AcceptSecurityContext error, data 52e, v2580
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Rich Megginson [rmeggins at redhat.com]
>> *Sent:* Wednesday, March 12, 2014 3:30 PM
>> *To:* Todd Maugh; freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>>
>> On 03/12/2014 04:18 PM, Todd Maugh wrote:
>>> Hello.
>>>
>>> I'm using latest IPA build on red hat 6.5
>>>
>>> I retrieved my CA cert from the AD Domain controller
>>>
>>> I try to set up my winsyncagreement and I am getting this
>>>
>>>
>>>
>>> [root at idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage connect 
>>> --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc, dc=local" 
>>> --bindpw "XXXXXX" --passsync "XXXXXX" 
>>> --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
>>> Directory Manager password:
>>>
>>> Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to 
>>> certificate database for idm-master-els.ops.boingo.com
>>> ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
>>> ipa: INFO: The error was: {'info': '80090308: LdapErr: 
>>> DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, 
>>> v2580', 'desc': 'Invalid credentials'}
>>> Failed to setup winsync replication
>>>
>>>
>>> not sure where to look for the logs for this to see what the 
>>> invalid credentials are or whether this might still be a cert issue 
>>> or a log in issue or what not?
>>
>> You can test with ldapsearch like this:
>>
>> $ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ 
>> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" 
>> -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
>>
>>>
>>>
>>> Thanks in advance for the help
>>>
>>> -Todd
>>
>
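
The question raised in this thread (certificate problem or login problem?) can be answered from the `data` sub-code in the AD diagnostic string. The following is an added example, not part of the original messages or of FreeIPA; the function names `parse_ad_bind_error` and `triage` are hypothetical, and the second and third sample inputs are constructed.

```python
import re

# Sub-codes Active Directory puts in the "data" field of a rejected bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: bad password or user name",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Whitespace is matched loosely because client output wraps the message.
DIAG_RE = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),\s*v[0-9A-Fa-f]+",
    re.S,
)

def parse_ad_bind_error(text):
    """Return the fields of an AD bind diagnostic, or None if there is none."""
    m = DIAG_RE.search(text)
    if m is None:
        return None
    data = m.group("data").lower()
    return {"sspi": m.group("sspi"), "dsid": m.group("dsid"),
            "comment": " ".join(m.group("comment").split()),
            "data": data, "meaning": AD_BIND_SUBCODES.get(data)}

def triage(text):
    """Say which side of the setup the failure points at."""
    info = parse_ad_bind_error(text)
    if info is None:
        return "no AD bind diagnostic: check StartTLS, CA trust and connectivity"
    if info["meaning"] is None:
        return f"unrecognised sub-code {info['data']}"
    if info["data"] in ("525", "52e"):
        # With StartTLS required (-ZZ), AD only sees the bind once TLS is up.
        return f"identity problem: {info['meaning']}"
    return f"account-state problem: {info['meaning']}"

# Message as it appears in the thread's ipa-replica-manage output.
IPA_OUTPUT = """ipa: INFO: The error was: {'info': '80090308: LdapErr:
DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e,
v2580', 'desc': 'Invalid credentials'}"""
# Constructed samples: a locked-out account and a failure before any bind.
LOCKED_OUT = ("ldap_bind: Invalid credentials (49)\n\tadditional info: 80090308: "
              "LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 775, v2580")
TLS_FAILURE = "ldap_start_tls: Connect error (-11)"
```
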
