Rich,
Your mean the AD Administrator password or IPA admin password?

On Tue, Mar 9, 2010 at 6:32 PM, Rich Megginson <rmegg...@redhat.com> wrote:

> Shan Kumaraswamy wrote:
>
>> When I try to run this command I am getting this error:
>>  [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h
>> sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com> -D
>> "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b ""
>> "objectclass=*"
>>
>> ldap_simple_bind: Invalid credentials
>> ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA,
>> comment: AcceptSecurityContext error, data 52e, v1771
>>
> You are not providing the correct password.
>
>>
>>
>>  On Tue, Mar 9, 2010 at 6:16 PM, Rich Megginson <rmegg...@redhat.com<mailto:
>> rmegg...@redhat.com>> wrote:
>>
>>    Please keep replies on list
>>
>>    Shan Kumaraswamy wrote:
>>
>>        Rich,
>>         Does a reverse DNS lookup on the IP address return that
>>        hostname? -Yes
>>         Is Active Directory configured to use/listen to SSL? -Yes,
>>        Active Directory Cert Auth installed and exported the and
>>        verifityed.
>>
>>         Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db
>>        contain the CA cert of the windows CA? -yes "Imported CA cert"
>>
>>        certutil -L -d /etc/dirsrv/slapd-BMITEST-COM- Its listing
>>        installed cert
>>        I am trying to creating syn agreement from IPA server using
>>        following syntex:
>>         ipa-replica-manage add --winsync --binddn
>>        CN=Administrator,CN=Users,CN=Accounts,DC=bmitest,DC=com
>>        --bindpw secretpw --cacert
>>        /etc/dirsrv/slapd-BMITEST-COM/dsca.cer sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/>
>>
>>        <http://sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/>> -v
>>
>>         Please corret me where I am doing worng?
>>
>>    ldap_simple_bind: Can't contact LDAP server
>>         SSL error -5961 (TCP connection reset by peer.)
>>
>>    This usually indicates some low level error.  Let's try this:
>>    /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com
>>    <http://sbtaddc001.bmitest.com/> -D
>>
>>    "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s
>>    base -b "" "objectclass=*"
>>
>>    Does that work?
>>
>>
>>
>>        On Mon, Mar 8, 2010 at 6:30 PM, Rich Megginson
>>        <rmegg...@redhat.com <mailto:rmegg...@redhat.com>
>>        <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>> wrote:
>>
>>           Shan Kumaraswamy wrote:
>>
>>                Hi Rich,
>>
>>               Sorry for the delay replay, after I executed your
>>        command I am
>>               getting the following error from my directory server.
>>        Please
>>               help me to resolve this error.
>>
>>               [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h
>>               sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
>>        <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com/>> -p 636 -Z -P
>>
>>               /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D
>>               CN=administrator,CN=users,DC=bmitest,DC=com -w
>>        "secretpw" -s
>>               base -b "" "objectclass=*"
>>
>>               ldap_simple_bind: Can't contact LDAP server
>>                      SSL error -5961 (TCP connection reset by peer.)
>>
>>           Is sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
>>        <http://sbtaddc001.bmitest.com/>
>>           <http://sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/>
>>        <http://sbtaddc001.bmitest.com/>>
>>
>>           the real, registered DNS address for the Active Directory
>>        server?
>>            On both the linux machine and the windows machine?
>>           Does a reverse DNS lookup on the IP address return that
>>        hostname?
>>           Is Active Directory configured to use/listen to SSL?
>>           Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain
>>           the CA cert of the windows CA?
>>           certutil -L -d /etc/dirsrv/slapd-BMITEST-COM
>>
>>
>>                On Wed, Feb 24, 2010 at 6:20 PM, Rich Megginson
>>               <rmegg...@redhat.com <mailto:rmegg...@redhat.com>
>>        <mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
>>               <mailto:rmegg...@redhat.com
>>        <mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
>>        <mailto:rmegg...@redhat.com>>>> wrote:
>>
>>                  Shan Kumaraswamy wrote:
>>
>>                      Dear All,
>>                      I am facing the AD Sync issue with FreeIPA to Active
>>                      Directory, and as per the redhat-ds doc I have
>>        done all the
>>                      settings from AD front. please help me to
>>        resolve this
>>               issue.
>>                      And find the below error message:
>>                       [r...@sbttipa001 ~]# ipa-replica-manage add
>>        --winsync
>>                      --binddn CN=ipaadmin,CN=users,DC=bmitest,DC=com
>>        --bindpw
>>                      secretpw --ca cert
>>        /etc/dirsrv/slapd-BMITEST-COM/adsync.cer
>>                      sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com/>
>>                      <http://sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com/>
>>
>>                      <http://sbtaddc001.bmitest.com/>> -v --passsync
>>        bmi.123
>>
>>                      Directory Manager password:
>>                      INFO:root:Shutting down dirsrv:
>>                         BMITEST-COM...
>>                   [  OK  ]
>>                      INFO:root:
>>                      INFO:root:
>>                      INFO:root:
>>                      INFO:root:Starting dirsrv:
>>                         BMITEST-COM...
>>                   [  OK  ]
>>                      INFO:root:
>>                      INFO:root:Added CA certificate
>>                      /etc/dirsrv/slapd-BMITEST-COM/adsync.cer to
>>        certificate
>>                      database for sbttipa001.bmitest.com
>>        <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>
>>                      <http://sbttipa001.bmitest.com/>
>>                      <http://sbttipa001.bmitest.com
>>        <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>>
>>
>>                      INFO:root:Restarted directory server
>>               sbttipa001.bmitest.com <http://sbttipa001.bmitest.com/>
>>        <http://sbttipa001.bmitest.com/>
>>                      <http://sbttipa001.bmitest.com/>
>>                      <http://sbttipa001.bmitest.com
>>        <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>>
>>
>>                      INFO:root:Could not validate connection to
>>        remote server
>>                      sbtaddc001.bmitest.com:636
>>        <http://sbtaddc001.bmitest.com:636/>
>>               <http://sbtaddc001.bmitest.com:636/>
>>                      <http://sbtaddc001.bmitest.com:636/>
>>
>>                      <http://sbtaddc001.bmitest.com:636
>>        <http://sbtaddc001.bmitest.com:636/>
>>               <http://sbtaddc001.bmitest.com:636/>
>>                      <http://sbtaddc001.bmitest.com:636/>> - continuing
>>
>>                      INFO:root:The error was: {'info':
>>        'error:14090086:SSL
>>                      routines:SSL3_GET_SERVER_CERTIFICATE:certificate
>>        verify
>>                      failed', 'desc ': "Can't contact LDAP server"}
>>                      The user for the Windows PassSync service is
>>                      uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
>>                      Windows PassSync entry exists, not resetting
>>        password
>>                      INFO:root:Added new sync agreement, waiting for
>>        it to
>>               become
>>                      ready . . .
>>                      INFO:root:Replication Update in progress: FALSE:
>>               status: 49  -
>>                      LDAP error: Invalid credentials: start: 0: end: 0
>>                      INFO:root:Agreement is ready, starting
>>        replication . . .
>>                      Starting replication, please wait until this has
>>        completed.
>>                      [sbttipa001.bmitest.com
>>        <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>
>>        <http://sbttipa001.bmitest.com/>
>>                      <http://sbttipa001.bmitest.com
>>        <http://sbttipa001.bmitest.com/>
>>               <http://sbttipa001.bmitest.com/>
>>
>>                      <http://sbttipa001.bmitest.com/>>] reports:
>>        Update failed!
>>                      Status: [49  - LDAP error: Invalid credentials]
>>                      INFO:root:Added agreement for other host
>>                      sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com/>
>>                      <http://sbtaddc001.bmitest.com
>>        <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com/>
>>               <http://sbtaddc001.bmitest.com/>>
>>
>>
>>                  Error 49 usually means the password is not correct.  You
>>               can use
>>                  mozldap ldapsearch to test the connection like this:
>>
>>                  /usr/lib/mozldap/ldapsearch -h dchost -p 636 -Z -P
>>                  /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D
>>                  CN=ipaadmin,CN=users,DC=bmitest,DC=com -w "secretpw" -s
>>               base -b ""
>>                  "objectclass=*"
>>
>>                               --         Thanks & Regards
>>                      Shan Kumaraswamy
>>
>>
>>  ------------------------------------------------------------------------
>>
>>                      _______________________________________________
>>                      Freeipa-users mailing list
>>                      Freeipa-users@redhat.com
>>        <mailto:Freeipa-users@redhat.com>
>>               <mailto:Freeipa-users@redhat.com
>>        <mailto:Freeipa-users@redhat.com>>
>>               <mailto:Freeipa-users@redhat.com
>>        <mailto:Freeipa-users@redhat.com>
>>               <mailto:Freeipa-users@redhat.com
>>        <mailto:Freeipa-users@redhat.com>>>
>>
>>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>>
>>
>>               --         Thanks & Regards
>>               Shan Kumaraswamy
>>
>>
>>
>>
>>
>>        --         Thanks & Regards
>>        Shan Kumaraswamy
>>
>>
>>
>>
>>
>> --
>> Thanks & Regards
>> Shan Kumaraswamy
>>
>>
>


-- 
Thanks & Regards
Shan Kumaraswamy
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to