[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] AD Sync Error



Shan Kumaraswamy wrote:
Dear All,
I am facing the AD Sync issue with FreeIPA to Active Directory, and as per the redhat-ds doc I have done all the settings from AD front. please help me to resolve this issue. And find the below error message: [root sbttipa001 ~]# ipa-replica-manage add --winsync --binddn CN=ipaadmin,CN=users,DC=bmitest,DC=com --bindpw secretpw --ca cert /etc/dirsrv/slapd-BMITEST-COM/adsync.cer sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com> -v --passsync bmi.123
Directory Manager password:
INFO:root:Shutting down dirsrv:
    BMITEST-COM...                                         [  OK  ]
INFO:root:
INFO:root:
INFO:root:
INFO:root:Starting dirsrv:
    BMITEST-COM...                                         [  OK  ]
INFO:root:
INFO:root:Added CA certificate /etc/dirsrv/slapd-BMITEST-COM/adsync.cer to certificate database for sbttipa001.bmitest.com <http://sbttipa001.bmitest.com> INFO:root:Restarted directory server sbttipa001.bmitest.com <http://sbttipa001.bmitest.com> INFO:root:Could not validate connection to remote server sbtaddc001.bmitest.com:636 <http://sbtaddc001.bmitest.com:636> - continuing INFO:root:The error was: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc ': "Can't contact LDAP server"} The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
Windows PassSync entry exists, not resetting password
INFO:root:Added new sync agreement, waiting for it to become ready . . .
INFO:root:Replication Update in progress: FALSE: status: 49 - LDAP error: Invalid credentials: start: 0: end: 0
INFO:root:Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
[sbttipa001.bmitest.com <http://sbttipa001.bmitest.com>] reports: Update failed! Status: [49 - LDAP error: Invalid credentials] INFO:root:Added agreement for other host sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com>
Error 49 usually means the password is not correct. You can use mozldap ldapsearch to test the connection like this:

/usr/lib/mozldap/ldapsearch -h dchost -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=ipaadmin,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"
--
Thanks & Regards
Shan Kumaraswamy

------------------------------------------------------------------------

_______________________________________________
Freeipa-users mailing list
Freeipa-users redhat com
https://www.redhat.com/mailman/listinfo/freeipa-users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]