[Freeipa-users] [freeipa] Issues with Winsync agreement

Thu Mar 13 19:05:22 UTC 2014

On 03/13/2014 12:50 PM, Todd Maugh wrote:
> Ok the error I see repeated in the log is
>
> [13/Mar/2014:18:41:21 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:11 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:14 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:20 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:32 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
> [13/Mar/2014:18:44:33 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:44:44 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:46:20 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:29 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:32 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:38 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:50 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:11 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:14 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:20 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:32 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:56 +0000] slapi_ldap_bind - Error: could not send 
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [root at idm-master-els.ops.boingo.com cacerts]$

Are all of these associated with the winsync agreement?

>
> ------------------------------------------------------------------------
> *From:* Rich Megginson [rmeggins at redhat.com]
> *Sent:* Thursday, March 13, 2014 11:43 AM
> *To:* Todd Maugh; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>
> On 03/13/2014 12:29 PM, Todd Maugh wrote:
>> ok so I ran that and Get this output
>
> Ok.  Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors
>
>>
>>
>> [root at idm-master-els.ops.boingo.com cacerts]$ 
>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ 
>> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" 
>> -w "XXXXXX"  -s base -b "cn=Users,dc=bwinc,dc=local"
>> dn: cn=Users,dc=bwinc,dc=local
>> objectClass: top
>> objectClass: container
>> cn: Users
>> description: Default container for upgraded user accounts
>> distinguishedName: CN=Users,DC=BWINC,DC=local
>> instanceType: 4
>> whenCreated: 20060824234034.0Z
>> whenChanged: 20140306190741.0Z
>> uSNCreated: 17702
>> uSNChanged: 17702
>> showInAdvancedViewOnly: FALSE
>> name: Users
>> objectGUID:: kCZ7CbnIZk+0GpmCr3PCfw==
>> systemFlags: -1946157056
>> objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=BWINC,DC=local
>> isCriticalSystemObject: TRUE
>> dSCorePropagationData: 20140306234416.0Z
>> dSCorePropagationData: 20140306234348.0Z
>> dSCorePropagationData: 20140306225101.0Z
>> dSCorePropagationData: 20140306225055.0Z
>> dSCorePropagationData: 16010101000000.0Z
>>
>> ------------------------------------------------------------------------
>> *From:* Rich Megginson [rmeggins at redhat.com]
>> *Sent:* Wednesday, March 12, 2014 3:47 PM
>> *To:* Todd Maugh; freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>>
>> On 03/12/2014 04:39 PM, Todd Maugh wrote:
>>> thanks Rich,
>>>
>>> when I run that  I get the following:
>>>
>>>
>>> *[root at idm-master-els.ops.boingo.com ipa]$ 
>>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch 
>>> -xLLLZZ -h adc13-els.bwinc.local -D 
>>> "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" s base -b 
>>> "cn=Users,dc=bwinc,dc=local"
>>> ldap_bind: Invalid credentials (49)
>>> *
>>
>> *Invalid credentials almost always means your password "XXXXXX" is 
>> not correct for user "**cn=idmadmin,cn=Users,dc=bwinc,dc=local"
>>
>> *
>>> *    additional info: 80090308: LdapErr: DSID-0C0903C5, comment: 
>>> AcceptSecurityContext error, data 52e, v2580
>>> *
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Rich Megginson [rmeggins at redhat.com]
>>> *Sent:* Wednesday, March 12, 2014 3:30 PM
>>> *To:* Todd Maugh; freeipa-users at redhat.com
>>> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>>>
>>> On 03/12/2014 04:18 PM, Todd Maugh wrote:
>>>> Hello.
>>>>
>>>> I'm using latest IPA build on red hat 6.5
>>>>
>>>> I retrieved my CA cert from the AD Domain controller
>>>>
>>>> I try to set up my winsyncagreement and I am getting this
>>>>
>>>>
>>>>
>>>> [root at idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage 
>>>> connect --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc, 
>>>> dc=local" --bindpw "XXXXXX" --passsync "XXXXXX" 
>>>> --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
>>>> Directory Manager password:
>>>>
>>>> Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to 
>>>> certificate database for idm-master-els.ops.boingo.com
>>>> ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
>>>> ipa: INFO: The error was: {'info': '80090308: LdapErr: 
>>>> DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, 
>>>> v2580', 'desc': 'Invalid credentials'}
>>>> Failed to setup winsync replication
>>>>
>>>>
>>>> not sure where to look for the logs for this to see what the 
>>>> invalivd credentials are or wether this might still be a cert issue 
>>>> or a log in issue or what not?
>>>
>>> You can test with ldapsearch like this:
>>>
>>> $ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ 
>>> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" 
>>> -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
>>>
>>>>
>>>>
>>>> Thanks in advance for the help
>>>>
>>>> -Todd
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140313/a3112b18/attachment.htm>