Rich,

You mean the AD Administrator password or IPA admin password?

On Tue, Mar 9, 2010 at 6:32 PM, Rich Megginson <[email protected]> wrote:
> Shan Kumaraswamy wrote:
>
>> When I try to run this command I am getting this error:
>> [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b "" "objectclass=*"
>>
>> ldap_simple_bind: Invalid credentials
>> ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771
>>
> You are not providing the correct password.
>
>> On Tue, Mar 9, 2010 at 6:16 PM, Rich Megginson <[email protected]> wrote:
>>
>> Please keep replies on list
>>
>> Shan Kumaraswamy wrote:
>>
>> Rich,
>> Does a reverse DNS lookup on the IP address return that hostname? -Yes
>> Is Active Directory configured to use/listen to SSL? -Yes, Active Directory Cert Auth installed and exported the and verified.
>>
>> Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain the CA cert of the windows CA? -yes "Imported CA cert"
>>
>> certutil -L -d /etc/dirsrv/slapd-BMITEST-COM - It's listing installed cert
>> I am trying to create a sync agreement from the IPA server using the following syntax:
>> ipa-replica-manage add --winsync --binddn CN=Administrator,CN=Users,CN=Accounts,DC=bmitest,DC=com --bindpw secretpw --cacert /etc/dirsrv/slapd-BMITEST-COM/dsca.cer sbtaddc001.bmitest.com -v
>>
>> Please correct me where I am doing wrong?
>>
>> ldap_simple_bind: Can't contact LDAP server
>> SSL error -5961 (TCP connection reset by peer.)
>>
>> This usually indicates some low level error. Let's try this:
>> /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b "" "objectclass=*"
>>
>> Does that work?
>>
>> On Mon, Mar 8, 2010 at 6:30 PM, Rich Megginson <[email protected]> wrote:
>>
>> Shan Kumaraswamy wrote:
>>
>> Hi Rich,
>>
>> Sorry for the delayed reply, after I executed your command I am getting the following error from my directory server. Please help me to resolve this error.
>>
>> [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=administrator,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"
>>
>> ldap_simple_bind: Can't contact LDAP server
>> SSL error -5961 (TCP connection reset by peer.)
>>
>> Is sbtaddc001.bmitest.com the real, registered DNS address for the Active Directory server?
>> On both the linux machine and the windows machine?
>> Does a reverse DNS lookup on the IP address return that hostname?
>> Is Active Directory configured to use/listen to SSL?
>> Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain the CA cert of the windows CA?
>> certutil -L -d /etc/dirsrv/slapd-BMITEST-COM
>>
>> On Wed, Feb 24, 2010 at 6:20 PM, Rich Megginson <[email protected]> wrote:
>>
>> Shan Kumaraswamy wrote:
>>
>> Dear All,
>> I am facing the AD Sync issue with FreeIPA to Active Directory, and as per the redhat-ds doc I have done all the settings from AD front. Please help me to resolve this issue.
>> And find the below error message:
>> [r...@sbttipa001 ~]# ipa-replica-manage add --winsync --binddn CN=ipaadmin,CN=users,DC=bmitest,DC=com --bindpw secretpw --ca cert /etc/dirsrv/slapd-BMITEST-COM/adsync.cer sbtaddc001.bmitest.com -v --passsync bmi.123
>>
>> Directory Manager password:
>> INFO:root:Shutting down dirsrv: BMITEST-COM... [ OK ]
>> INFO:root:
>> INFO:root:
>> INFO:root:
>> INFO:root:Starting dirsrv: BMITEST-COM... [ OK ]
>> INFO:root:
>> INFO:root:Added CA certificate /etc/dirsrv/slapd-BMITEST-COM/adsync.cer to certificate database for sbttipa001.bmitest.com
>> INFO:root:Restarted directory server sbttipa001.bmitest.com
>> INFO:root:Could not validate connection to remote server sbtaddc001.bmitest.com:636 - continuing
>> INFO:root:The error was: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc ': "Can't contact LDAP server"}
>> The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
>> Windows PassSync entry exists, not resetting password
>> INFO:root:Added new sync agreement, waiting for it to become ready . . .
>> INFO:root:Replication Update in progress: FALSE: status: 49 - LDAP error: Invalid credentials: start: 0: end: 0
>> INFO:root:Agreement is ready, starting replication . . .
>> Starting replication, please wait until this has completed.
>> [sbttipa001.bmitest.com] reports: Update failed!
>> Status: [49 - LDAP error: Invalid credentials]
>> INFO:root:Added agreement for other host sbtaddc001.bmitest.com
>>
>> Error 49 usually means the password is not correct. You can use mozldap ldapsearch to test the connection like this:
>>
>> /usr/lib/mozldap/ldapsearch -h dchost -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=ipaadmin,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"
>>
>> --
>> Thanks & Regards
>> Shan Kumaraswamy
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>

--
Thanks & Regards
Shan Kumaraswamy
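Added example, not part of the original thread and not FreeIPA or 389 Directory Server code: the error lines quoted in the messages above fall into three layers (TLS trust, TLS transport, LDAP bind), and the "data 52e" field in the Active Directory reply is a sub-code that narrows down an error 49. The sub-code table is the commonly documented set of Active Directory values; the names classify, triage and THREAD_ERRORS are hypothetical.

```python
import re

# Commonly documented values of the "data" field that Active Directory
# appends to an LDAP error 49 bind failure (hex Windows logon error codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# Error lines copied from the messages in this thread.
THREAD_ERRORS = [
    "ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA, "
    "comment: AcceptSecurityContext error, data 52e, v1771",
    "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed",
    "SSL error -5961 (TCP connection reset by peer.)",
    "Status: [49 - LDAP error: Invalid credentials]",
]


def classify(line):
    """Map one error line to (layer, detail); layer says where to look first."""
    m = SUBCODE_RE.search(line)
    if m:
        code = m.group(1).lower()
        return ("bind", AD_BIND_SUBCODES.get(code, "unknown sub-code " + code))
    if "certificate verify failed" in line:
        return ("tls-trust", "server certificate failed verification (check the imported CA cert)")
    if "connection reset by peer" in line:
        return ("tls-transport", "connection reset before any bind result")
    if re.search(r"\b49\b.*Invalid credentials", line):
        return ("bind", "invalid credentials (no AD sub-code in this line)")
    return ("unknown", line.strip())


def triage(lines):
    """Classify every line and return the results in input order."""
    return [classify(line) for line in lines]


if __name__ == "__main__":
    for layer, detail in triage(THREAD_ERRORS):
        print(f"{layer:14} {detail}")
```

A "bind" result means the TLS connection and the LDAP exchange both worked and only the DN or password was rejected, so the certificate setup does not need revisiting for that line.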
