[Freeipa-users] [freeipa] Issues with Winsync agreement
Rich Megginson
rmeggins at redhat.com
Thu Mar 13 19:05:22 UTC 2014
On 03/13/2014 12:50 PM, Todd Maugh wrote:
> Ok the error I see repeated in the log is
>
> [13/Mar/2014:18:41:21 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:11 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:14 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:20 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:32 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
> [13/Mar/2014:18:44:33 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:44:44 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:46:20 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:29 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:32 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:38 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:47:50 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:11 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:14 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:20 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:32 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:48:56 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [root at idm-master-els.ops.boingo.com cacerts]$
Are all of these associated with the winsync agreement?
>
> ------------------------------------------------------------------------
> *From:* Rich Megginson [rmeggins at redhat.com]
> *Sent:* Thursday, March 13, 2014 11:43 AM
> *To:* Todd Maugh; freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>
> On 03/13/2014 12:29 PM, Todd Maugh wrote:
>> OK, so I ran that and get this output
>
> Ok. Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors
>
>>
>>
>> [root at idm-master-els.ops.boingo.com cacerts]$
>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ
>> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local"
>> -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
>> dn: cn=Users,dc=bwinc,dc=local
>> objectClass: top
>> objectClass: container
>> cn: Users
>> description: Default container for upgraded user accounts
>> distinguishedName: CN=Users,DC=BWINC,DC=local
>> instanceType: 4
>> whenCreated: 20060824234034.0Z
>> whenChanged: 20140306190741.0Z
>> uSNCreated: 17702
>> uSNChanged: 17702
>> showInAdvancedViewOnly: FALSE
>> name: Users
>> objectGUID:: kCZ7CbnIZk+0GpmCr3PCfw==
>> systemFlags: -1946157056
>> objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=BWINC,DC=local
>> isCriticalSystemObject: TRUE
>> dSCorePropagationData: 20140306234416.0Z
>> dSCorePropagationData: 20140306234348.0Z
>> dSCorePropagationData: 20140306225101.0Z
>> dSCorePropagationData: 20140306225055.0Z
>> dSCorePropagationData: 16010101000000.0Z
>>
>> ------------------------------------------------------------------------
>> *From:* Rich Megginson [rmeggins at redhat.com]
>> *Sent:* Wednesday, March 12, 2014 3:47 PM
>> *To:* Todd Maugh; freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>>
>> On 03/12/2014 04:39 PM, Todd Maugh wrote:
>>> thanks Rich,
>>>
>>> when I run that I get the following:
>>>
>>>
>>> [root at idm-master-els.ops.boingo.com ipa]$
>>> LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch
>>> -xLLLZZ -h adc13-els.bwinc.local -D
>>> "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" s base -b
>>> "cn=Users,dc=bwinc,dc=local"
>>> ldap_bind: Invalid credentials (49)
>>
>> Invalid credentials almost always means your password "XXXXXX" is
>> not correct for user "cn=idmadmin,cn=Users,dc=bwinc,dc=local"
>>
>>> additional info: 80090308: LdapErr: DSID-0C0903C5, comment:
>>> AcceptSecurityContext error, data 52e, v2580
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Rich Megginson [rmeggins at redhat.com]
>>> *Sent:* Wednesday, March 12, 2014 3:30 PM
>>> *To:* Todd Maugh; freeipa-users at redhat.com
>>> *Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement
>>>
>>> On 03/12/2014 04:18 PM, Todd Maugh wrote:
>>>> Hello.
>>>>
>>>> I'm using latest IPA build on Red Hat 6.5
>>>>
>>>> I retrieved my CA cert from the AD Domain controller
>>>>
>>>> I try to set up my winsync agreement and I am getting this
>>>>
>>>>
>>>>
>>>> [root at idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage
>>>> connect --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc,
>>>> dc=local" --bindpw "XXXXXX" --passsync "XXXXXX"
>>>> --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
>>>> Directory Manager password:
>>>>
>>>> Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to
>>>> certificate database for idm-master-els.ops.boingo.com
>>>> ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
>>>> ipa: INFO: The error was: {'info': '80090308: LdapErr:
>>>> DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e,
>>>> v2580', 'desc': 'Invalid credentials'}
>>>> Failed to setup winsync replication
>>>>
>>>>
>>>> not sure where to look for the logs for this to see what the
>>>> invalid credentials are or whether this might still be a cert issue
>>>> or a login issue or what not?
>>>
>>> You can test with ldapsearch like this:
>>>
>>> $ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ
>>> -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local"
>>> -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
>>>
>>>>
>>>>
>>>> Thanks in advance for the help
>>>>
>>>> -Todd
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
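
Added example, not part of the original thread: a small triage script for the two failure signatures quoted above, the AD bind error with its "data" sub-code and the repeated slapi_ldap_bind startTLS errors in the dirsrv errors log. The sub-code table lists standard Win32 logon error codes and does not come from the thread; the function names are hypothetical, and the sample input is copied from the messages above.

```python
import re
from collections import Counter

# Win32 logon error codes (hex) that AD reports in the "data" field.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: user name or password is incorrect",
    "532": "password expired",
    "533": "account disabled",
    "773": "user must reset password",
    "775": "account locked out",
}

AD_ERR = re.compile(r"AcceptSecurityContext error,\s*data\s+([0-9a-fA-F]+)")
TLS_ERR = re.compile(
    r"\[([^\]]+)\] slapi_ldap_bind - Error: could not send\s+startTLS request: "
    r"error (-?\d+) \(([^)]*)\)")

def decode_ad_bind_error(text):
    """Return (subcode, meaning) from an AD bind failure string, or None."""
    m = AD_ERR.search(text)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_SUBCODES.get(code, "unknown sub-code")

def summarize_starttls_errors(log_text):
    """Count startTLS failures by (code, text) and return first/last timestamp."""
    # Strip mail quote prefixes and re-join records wrapped by the mail client.
    flat = " ".join(re.sub(r"^[>\s]+", "", l) for l in log_text.splitlines())
    hits = TLS_ERR.findall(flat)
    counts = Counter((int(code), desc) for _, code, desc in hits)
    span = (hits[0][0], hits[-1][0]) if hits else None
    return counts, span

# Sample input: three records and one error string as they appear in the thread.
SAMPLE_LOG = """\
> [13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
> [13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
> [13/Mar/2014:18:44:33 +0000] slapi_ldap_bind - Error: could not send
> startTLS request: error -11 (Connect error) errno 0 (Success)
"""
SAMPLE_AD = "80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580"

if __name__ == "__main__":
    print(decode_ad_bind_error(SAMPLE_AD))
    print(summarize_starttls_errors(SAMPLE_LOG))
```

A bind that fails with result 49 and sub-code 52e was rejected by AD after the TLS session was already established, so it points at the bind DN or password rather than the CA certificate; the startTLS errors occur before any credentials are sent.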