[Freeipa-users] Sync with AD error

Rob Crittenden rcritten at redhat.com
Fri Mar 11 20:16:35 UTC 2011


Sigbjørn Lie wrote:
> Hi,
>
> I just upgraded my FreeIPA @ F14 to 2.0.0.rc3, and attempted to add a
> sync agreement with Active Directory.
>
> Added CA certificate /root/testing-ca.cer to certificate database for
> ipasrv01.ix.testing.com
> ipa: INFO: AD Suffix is: DC=ad,DC=testing,DC=com
> The user for the Windows PassSync service is
> uid=passsync,cn=sysaccounts,cn=etc,dc=ix,dc=testing,dc=com
> Windows PassSync entry exists, not resetting password
> ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
> ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
> acquired successfully: Incremental update succeeded: start:
> 20110311195207Z: end: 20110311195207Z
> ipa: INFO: Agreement is ready, starting replication . . .
> ipa: INFO: Failed to create public entry for winsync replica
> Starting replication, please wait until this has completed.
> Update succeeded
> Connected 'ipasrv01.ix.testing.com' to 'addc01.ad.testing.com'
>
>
> Now I can't list the sync agreements. All I get is:
>
> # ipa-replica-manage list
> unexpected error: * not found
>
> Any ideas?

Can you try running /usr/sbin/ipa-ldap-updater?

The problem is this didn't run at install so the spot in the DIT to 
store windows replication agreement info wasn't created, so it couldn't 
be added (the Failed to create public entry for winsync replica part).

Once you've run ipa-ldap-updater you can add the info with something like:

ldapmodify -x -D 'cn=directory manager' -W
dn: cn=addc01.ad.testing.com,cn=replicas,cn=ipa,cn=etc,dc=ix,dc=testing,dc=com
changetype: add
objectclass: nsContainer
objectclass: ipaConfigObject
cn: addc01.ad.testing.com
ipaConfigString: winsync:ipasrv01.ix.testing.com
<add an extra RETURN>

^D to quit



