Shan Kumaraswamy wrote:
When I try to run this command I am getting this error:
[r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b "" "objectclass=*"
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771

You are not providing the correct password.



On Tue, Mar 9, 2010 at 6:16 PM, Rich Megginson <rmegg...@redhat.com> wrote:

    Please keep replies on list

    Shan Kumaraswamy wrote:

        Rich,
         Does a reverse DNS lookup on the IP address return that
        hostname? -Yes
         Is Active Directory configured to use/listen to SSL? -Yes,
        Active Directory Cert Auth installed and exported the and
        verified.

         Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db
        contain the CA cert of the windows CA? -yes "Imported CA cert"

        certutil -L -d /etc/dirsrv/slapd-BMITEST-COM - It's listing
        installed cert
        I am trying to create a sync agreement from the IPA server using
        the following syntax:
         ipa-replica-manage add --winsync --binddn CN=Administrator,CN=Users,CN=Accounts,DC=bmitest,DC=com --bindpw secretpw --cacert /etc/dirsrv/slapd-BMITEST-COM/dsca.cer sbtaddc001.bmitest.com -v

         Please correct me where I am doing wrong?

    ldap_simple_bind: Can't contact LDAP server
         SSL error -5961 (TCP connection reset by peer.)

    This usually indicates some low level error.  Let's try this:
    /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b "" "objectclass=*"

    Does that work?


        On Mon, Mar 8, 2010 at 6:30 PM, Rich Megginson <rmegg...@redhat.com> wrote:

           Shan Kumaraswamy wrote:

               Hi Rich,

               Sorry for the delayed reply. After I executed your command I am
               getting the following error from my directory server. Please
               help me to resolve this error.

               [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=administrator,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"

               ldap_simple_bind: Can't contact LDAP server
                      SSL error -5961 (TCP connection reset by peer.)

           Is sbtaddc001.bmitest.com the real, registered DNS address for
           the Active Directory server?
            On both the linux machine and the windows machine?
           Does a reverse DNS lookup on the IP address return that hostname?
           Is Active Directory configured to use/listen to SSL?
           Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain
           the CA cert of the windows CA?
           certutil -L -d /etc/dirsrv/slapd-BMITEST-COM

               On Wed, Feb 24, 2010 at 6:20 PM, Rich Megginson <rmegg...@redhat.com> wrote:

                  Shan Kumaraswamy wrote:

                      Dear All,
                      I am facing the AD Sync issue with FreeIPA to Active
                      Directory, and as per the redhat-ds doc I have done all the
                      settings from AD front. please help me to resolve this issue.
                      And find the below error message:
                       [r...@sbttipa001 ~]# ipa-replica-manage add --winsync --binddn CN=ipaadmin,CN=users,DC=bmitest,DC=com --bindpw secretpw --ca cert /etc/dirsrv/slapd-BMITEST-COM/adsync.cer sbtaddc001.bmitest.com -v --passsync bmi.123

                      Directory Manager password:
                      INFO:root:Shutting down dirsrv:
                          BMITEST-COM... [ OK ]
                      INFO:root:
                      INFO:root:
                      INFO:root:
                      INFO:root:Starting dirsrv:
                          BMITEST-COM... [ OK ]
                      INFO:root:
                      INFO:root:Added CA certificate /etc/dirsrv/slapd-BMITEST-COM/adsync.cer to certificate database for sbttipa001.bmitest.com
                      INFO:root:Restarted directory server sbttipa001.bmitest.com
                      INFO:root:Could not validate connection to remote server sbtaddc001.bmitest.com:636 - continuing
                      INFO:root:The error was: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc ': "Can't contact LDAP server"}
                      The user for the Windows PassSync service is
                      uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
                      Windows PassSync entry exists, not resetting password
                      INFO:root:Added new sync agreement, waiting for it to become ready . . .
                      INFO:root:Replication Update in progress: FALSE: status: 49  - LDAP error: Invalid credentials: start: 0: end: 0
                      INFO:root:Agreement is ready, starting replication . . .
                      Starting replication, please wait until this has completed.
                      [sbttipa001.bmitest.com] reports: Update failed!
                      Status: [49  - LDAP error: Invalid credentials]
                      INFO:root:Added agreement for other host sbtaddc001.bmitest.com


                  Error 49 usually means the password is not correct.  You can use
                  mozldap ldapsearch to test the connection like this:

                  /usr/lib/mozldap/ldapsearch -h dchost -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=ipaadmin,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"

                      --
                      Thanks & Regards
                      Shan Kumaraswamy

                      _______________________________________________
                      Freeipa-users mailing list
                      Freeipa-users@redhat.com
                      https://www.redhat.com/mailman/listinfo/freeipa-users










--
Thanks & Regards
Shan Kumaraswamy
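
Added example, not part of the original thread and not FreeIPA or 389-ds code: a small Python triage of the three error strings quoted in this thread. It separates the TLS trust and transport failures from the Active Directory bind rejection and decodes the hex `data` field (52e here) as a Win32 logon error code. The function name `triage` and the layer labels are assumptions made for this example.

```python
import re

# Win32 logon error codes that Active Directory puts in the hex "data" field
# of a failed bind (the "AcceptSecurityContext error" string).
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER: user not found",
    0x52E: "ERROR_LOGON_FAILURE: user name or password is incorrect",
    0x530: "ERROR_INVALID_LOGON_HOURS: logon not allowed at this time",
    0x531: "ERROR_INVALID_WORKSTATION: logon not allowed from this host",
    0x532: "ERROR_PASSWORD_EXPIRED: password has expired",
    0x533: "ERROR_ACCOUNT_DISABLED: account is disabled",
    0x701: "ERROR_ACCOUNT_EXPIRED: account has expired",
    0x773: "ERROR_PASSWORD_MUST_CHANGE: password must be changed first",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT: account is locked out",
}

# Matches the additional-info string AD returns with LDAP result 49.
AD_INFO_RE = re.compile(r"LdapErr:\s*(DSID-[0-9A-Fa-f]+).*?\bdata\s+([0-9A-Fa-f]+)")


def triage(output):
    """Return (layer, finding) tuples, one per recognised error line."""
    findings = []
    for line in output.splitlines():
        m = AD_INFO_RE.search(line)
        if m:
            code = int(m.group(2), 16)  # "52e" -> 1326
            meaning = AD_BIND_SUBCODES.get(code, "unrecognised sub-code")
            findings.append(
                ("bind", f"{m.group(1)} data {code:x} = Win32 {code} {meaning}"))
        elif "certificate verify failed" in line:
            findings.append(("tls-trust", "server certificate failed verification"))
        elif re.search(r"SSL error -\d+", line) and "reset by peer" in line:
            findings.append(("tls-transport", "peer reset the connection before the bind"))
    return findings


# Error text copied from the messages in this thread.
SAMPLE = """\
INFO:root:The error was: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc ': "Can't contact LDAP server"}
ldap_simple_bind: Can't contact LDAP server
        SSL error -5961 (TCP connection reset by peer.)
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771
"""

if __name__ == "__main__":
    for layer, finding in triage(SAMPLE):
        print(f"{layer:14} {finding}")
```

Only the last string reached the bind stage; the first two failed at the TLS layer, before any credentials were checked.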

