[Freeipa-users] AD --> FreeIPA Password Sync --- Peer reports incompatible or unsupported protocol

Dmitri Pal dpal at redhat.com
Fri Mar 13 17:02:49 UTC 2015


On 03/13/2015 12:45 PM, g.fer.ordas at unicyber.co.uk wrote:
> Hi
>
> I am going forward with a Password Sync AD (Windows 2013) ---- FreeIPA
>
> ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.
>
> I got the Password Sync Tool installed in the Windows2013 box and I 
> have created a user with its related password as I am trying to test 
> the password changes...
>
> Looking at the access logs I can see the following related to the Sync 
> Process:
>
> --------
>
> [13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
> [13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
> [13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
> [13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
> [13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
> [13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
> [13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
> [13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection from AD.Server to FreeIPA.Server
> [13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer reports incompatible or unsupported protocol version.
> --------
>
> So the passwords do not seem to be copied across.
> Any idea why this is happening and how to troubleshoot it?
>
> Many Thanks
>
>
>
This might be related to one of the vulnerabilities that was found 
last year. Make sure that you have the latest available versions on both 
sides. If you have a mismatch then the client might not talk the TLS 
version that the server expects or vice versa.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
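
Added example, not part of the original thread: the "closed - Peer reports incompatible or unsupported protocol version" lines carry no peer address, so this sketch joins them to the preceding "SSL connection from" line on conn= to list which clients fail the TLS handshake. The function name and the conn=20 sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# 389-ds access log line: "[timestamp] conn=N <rest>"
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPENED = re.compile(r"SSL connection from (?P<peer>\S+) to (?P<server>\S+)")
# op=-1: the connection was closed before any LDAP operation was read.
REJECTED = re.compile(
    r"op=-1 .*closed - Peer reports incompatible or unsupported protocol version")

def tls_version_failures(lines):
    """Return {peer: [(conn, opened_at), ...]} for TLS connections that were
    closed during the handshake with a protocol-version error."""
    open_conns = {}                 # conn id -> (peer, timestamp of open)
    failures = defaultdict(list)
    for raw in lines:
        # Accept mail-quoted log lines ("> [13/Mar/...") as well as raw ones.
        m = LINE.match(raw.lstrip("> ").rstrip())
        if not m:
            continue
        conn, rest = int(m["conn"]), m["rest"]
        opened = OPENED.search(rest)
        if opened:
            open_conns[conn] = (opened["peer"], m["ts"])
        elif REJECTED.search(rest) and conn in open_conns:
            peer, ts = open_conns.pop(conn)
            failures[peer].append((conn, ts))
    return dict(failures)

# First five lines are from the log quoted above; the conn=20 lines are
# constructed to show a client whose handshake succeeds.
SAMPLE = """\
[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:26:00 -0700] conn=20 fd=92 slot=92 SSL connection from Other.Client to FreeIPA.Server
[13/Mar/2015:09:26:00 -0700] conn=20 op=0 BIND dn="" method=128 version=3
""".splitlines()

if __name__ == "__main__":
    for peer, conns in tls_version_failures(SAMPLE).items():
        print(f"{peer}: {len(conns)} rejected handshakes, first at {conns[0][1]}")
```

A peer that appears here on every attempt and never reaches an op=0 line is the side whose TLS versions need to be compared with the server's.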
