[Freeipa-users] AD --> FreeIPA Password Sync --- Peer reports incompatible or unsupported protocol

g.fer.ordas at unicyber.co.uk g.fer.ordas at unicyber.co.uk
Fri Mar 13 18:04:59 UTC 2015


Thanks to everyone for the replies.

The installed version of passsync is 1.1.6, and I am using the latest 
RPMs I got from CentOS 7, so the following:
389-ds-base-1.3.1.6-26.el7_0.x86_64
389-ds-base-libs-1.3.1.6-26.el7_0.x86_64
sssd-ipa-1.11.2-68.el7_0.6.x86_64
ipa-python-3.3.3-28.0.1.el7.centos.3.x86_64
ipa-admintools-3.3.3-28.0.1.el7.centos.3.x86_64
libipa_hbac-1.11.2-68.el7_0.6.x86_64
ipa-server-3.3.3-28.0.1.el7.centos.3.x86_64
ipa-client-3.3.3-28.0.1.el7.centos.3.x86_64
libipa_hbac-python-1.11.2-68.el7_0.6.x86_64

I haven't installed anything manually, only from the CentOS repos...

thanks!!!




On 2015-03-13 17:02, Dmitri Pal wrote:
> On 03/13/2015 12:45 PM, g.fer.ordas at unicyber.co.uk wrote:
> 
>> Hi
>> 
>> I am going forward with a Password Sync AD (Windows 2013) ----
>> FreeIPA
>> 
>> ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.
>> 
>> I got the Password Sync Tool installed on the Windows 2013 box and I
>> have created a user with its related password as I am trying to
>> test the password changes...
>> 
>> Looking at the access logs I can see the following related to the
>> Sync Process:
>> 
>> --------
>> 
>> [13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101
>> nentries=0 etime=0
>> [13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer
>> reports incompatible or unsupported protocol version.
>> [13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer
>> reports incompatible or unsupported protocol version.
>> [13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer
>> reports incompatible or unsupported protocol version.
>> [13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer
>> reports incompatible or unsupported protocol version.
>> [13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer
>> reports incompatible or unsupported protocol version.
>> [13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer
>> reports incompatible or unsupported protocol version.
>> [13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection
>> from AD.Server to FreeIPA.Server
>> [13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer
>> reports incompatible or unsupported protocol version.
>> --------
>> 
>> So the passwords do not seem to be copied across.
>> Any idea why this is happening and how to troubleshoot it?
>> 
>> Many Thanks
> This might be related to one of the vulnerabilities that was
> found last year. Make sure that you have the latest available versions
> on both sides. If you have a mismatch then the client might not talk
> the TLS version that the server expects, or vice versa.
> 
> --
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
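
An added example, not part of the original thread and not 389-ds or FreeIPA code: a small parser that pairs the connection-open and close lines of the access log quoted above and reports, per peer, how many TLS connections were closed on a protocol-version mismatch and the seconds between retries. The sample is constructed from the post's log lines rejoined onto single lines; the function names and the conn=20 entry are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the post's first four failures rejoined onto single lines,
# plus one made-up plain connection (conn=20) that closes normally for contrast.
SAMPLE_LOG = """\
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:25:40 -0700] conn=20 fd=92 slot=92 connection from 127.0.0.1 to 127.0.0.1
[13/Mar/2015:09:25:41 -0700] conn=20 op=1 fd=92 closed - U1
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPEN = re.compile(r"connection from (?P<src>\S+) to \S+")
CLOSE = re.compile(r"closed - (?P<reason>.+)$")
MISMATCH = "incompatible or unsupported protocol version"

def tls_version_failures(log_text):
    """Map each peer to the timestamps of connections closed on a TLS version mismatch."""
    peer_of = {}                       # conn id -> source address from the open line
    failures = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                   # wrapped or foreign line: skip, do not guess
        opened = OPEN.search(m["rest"])
        closed = CLOSE.search(m["rest"])
        if opened:
            peer_of[m["conn"]] = opened["src"]
        elif closed:
            peer = peer_of.pop(m["conn"], "unknown")
            if MISMATCH in closed["reason"]:
                failures[peer].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    return dict(failures)

def summarize(failures):
    """Per peer: number of failed handshakes and seconds between retries."""
    return {
        peer: {"count": len(ts),
               "retry_gaps_s": [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]}
        for peer, ts in failures.items()
    }
```

Calling `summarize(tls_version_failures(SAMPLE_LOG))` shows a single peer failing every handshake with doubling retry gaps, which points at a steady client/server protocol mismatch rather than an intermittent network fault.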



