[Freeipa-users] Setup windows AD Sync Failure

Sayid Munawar ayik at freebsd.or.id
Thu Mar 3 02:40:24 UTC 2011


Dear,

I have successfully installed freeipa-server 2 rc2, created some test
users, and tested machine enrollment. Now, what I want to do next is sync all
my Windows 2008r2 AD accounts. I've already got the cert needed, and
tested it with the ldapsearch tool on the same host as the freeipa-server, so I
assume that the AD connection is OK. But when I did ipa-manage-replica, it
complained about "Can't connect LDAP server". Here it is:

[root@yk ~]# ipa-replica-manage connect --winsync --binddn "cn=Fedora
DS,ou=JogjaCamp,dc=dot,dc=jc" --bindpw "somesecret" --cacert
/root/jcamp-DC1-buat-389DirServ.cer --passsync secretagain -p anothersecret
DC1.DOT.JC

Added CA certificate /root/jcamp-DC1-buat-389DirServ.cer to certificate
database for yk.nix.jc
ipa: INFO: Failed to connect to AD server dc1.dot.jc
ipa: INFO: The error was: {'info': 'TLS error -8179:Unknown code ___f 13',
'desc': "Can't contact LDAP server"}
ipa: INFO: Continuning ...
The user for the Windows PassSync service is
uid=passsync,cn=sysaccounts,cn=etc,dc=nix,dc=jc
Windows PassSync entry exists, not resetting password
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: 0 No replication
sessions started since server startup: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
Can't contact LDAP server
[root@yk ~]#


- I have no idea why the AD connection fails here, while it was OK with
the ldapsearch tool. Any clue?

- And one more question: what is the --passsync argument for? Is it for
force-setting a "new password" for the passsync user, or do we have to first
define a password for the passsync user?

TIA

Sayid Munawar