[Freeipa-users] Winsync Issues

Rich Megginson rmeggins at redhat.com
Thu Mar 21 19:12:19 UTC 2013


On 03/21/2013 12:37 PM, Joseph, Matthew (EXP) wrote:
>
> Hello,
>
> I'm currently in the process of installing/configuring IPA 2.2.0-16
> on a Red Hat 6.4 Server and I'm running into some issues trying to
> get IPA to replicate to a Windows 2003 SP2 DC.
>
> Here are the steps I took (I used the Red Hat Identity Management Guide)
>
> 1) Create idmpasssync user under AD and give him the permissions requested
>
> 2) Download IPA cert from web gui
>
> 3) Installed IPA cert under Trusted Root Certificates Authorities
>
> 4) Exported Windows cert to Red Hat Server
>
> 5) Copied both IPA and Windows certs to /etc/openldap/cacerts
>
> 6) Run the following command
>
> a. ipa-replica-manage connect --winsync --binddn
> cn=idmpasssync,cn=users,dc=domain,dc=ca --bindpw
> WindowsIDMPassSyncPW --passsync WindowsIDMPassSyncPW --cacert
> /etc/openldap/cacerts/windows.cer adserver.domain.ca --v
>
> 7) After running that command I get the following error:
>
> a. Added CA Certificate /etc/openldap/cacerts/windows.cer to 
> certificate database for IPAserver.domain.ca
> ipa: INFO: Failed to connect to AD server adserver.domain.ca
> ipa: INFO: The error was: {'info': 80090308: LdapErr: DSID-0C090334, 
> comment: AcceptSecurityContext error, data 525, vece', 'desc': 
> 'Invalid Credentials'}
> Failed to setup winsync replication
>
> I checked the IPA logs and it says the same thing above, no new 
> information
>
> I know I entered the password correctly and I even changed it on the 
> Active Directory side just to make sure.
>
> Can anyone see what I am doing wrong on this configuration?
>

Try this:

ldapsearch -xLLL -ZZ -h adserver.domain.ca \
    -D "cn=idmpasssync,cn=users,dc=domain,dc=ca" \
    -w 'WindowsIDMPassSyncPW' -s base -b ""

> Matt

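Added example (not part of the original thread): the "data" field in the AD bind error quoted above is a hexadecimal Win32 error code, and it distinguishes an unknown bind identity (525) from a rejected password (52e) or an account restriction. The sketch below parses that message format; the function name decode_ad_bind_error and the second sample string are constructed for illustration.

```python
import re

# Hex Win32 error codes that Active Directory reports in the "data" field
# of a failed LDAP bind: code -> (Win32 name, category, what to check).
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "identity", "bind DN/user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "password", "user found, password rejected"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "account", "logon hours restriction"),
    0x531: ("ERROR_INVALID_WORKSTATION", "account", "workstation restriction"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "account", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "account", "must change password"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account", "account locked out"),
}

# Matches: "<hex>: LdapErr: DSID-<hex>, comment: <text>, data <hex>"
_AD_ERR = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>[^,]+),\s*data\s+(?P<data>[0-9A-Fa-f]+)")


def decode_ad_bind_error(message):
    """Return the decoded fields of an AD bind error, or None if no match."""
    m = _AD_ERR.search(message)
    if m is None:
        return None  # not an AD-formatted bind failure (e.g. network error)
    code = int(m.group("data"), 16)  # the data field is hexadecimal
    name, category, hint = AD_BIND_SUBCODES.get(
        code, ("UNKNOWN", "unknown", "sub-code not in this table"))
    return {"dsid": m.group("dsid"), "comment": m.group("comment").strip(),
            "win32": code, "name": name, "category": category, "hint": hint}


# Error text exactly as quoted in the thread above.
THREAD_ERROR = ("{'info': 80090308: LdapErr: DSID-0C090334, comment: "
                "AcceptSecurityContext error, data 525, vece', 'desc': "
                "'Invalid Credentials'}")
# Constructed sample (not from the thread): same format, sub-code 52e.
CONSTRUCTED_ERROR = ("80090308: LdapErr: DSID-0C0903A9, comment: "
                     "AcceptSecurityContext error, data 52e, v1db1")

if __name__ == "__main__":
    for text in (THREAD_ERROR, CONSTRUCTED_ERROR, "Can't contact LDAP server"):
        print(decode_ad_bind_error(text))
```
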