When I try to run this command I am getting this error:

[r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b "" "objectclass=*"
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771
On Tue, Mar 9, 2010 at 6:16 PM, Rich Megginson <rmegg...@redhat.com> wrote:
> Please keep replies on list
>
> Shan Kumaraswamy wrote:
>> Rich,
>> Does a reverse DNS lookup on the IP address return that hostname? - Yes
>> Is Active Directory configured to use/listen to SSL? - Yes, Active Directory Cert Auth installed, and the cert exported and verified.
>>
>> Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain the CA cert of the windows CA? - Yes, "Imported CA cert"
>>
>> certutil -L -d /etc/dirsrv/slapd-BMITEST-COM - It is listing the installed cert
>>
>> I am trying to create a sync agreement from the IPA server using the following syntax:
>>
>> ipa-replica-manage add --winsync --binddn CN=Administrator,CN=Users,CN=Accounts,DC=bmitest,DC=com --bindpw secretpw --cacert /etc/dirsrv/slapd-BMITEST-COM/dsca.cer sbtaddc001.bmitest.com -v
>>
>> Please correct me where I am doing wrong?
>>
> ldap_simple_bind: Can't contact LDAP server
> SSL error -5961 (TCP connection reset by peer.)
>
> This usually indicates some low level error. Let's try this:
>
> /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -D "CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s base -b "" "objectclass=*"
>
> Does that work?
>
>> On Mon, Mar 8, 2010 at 6:30 PM, Rich Megginson <rmegg...@redhat.com> wrote:
>>> Shan Kumaraswamy wrote:
>>>> Hi Rich,
>>>> Sorry for the delayed reply. After I executed your command I am getting the following error from my directory server. Please help me to resolve this error.
>>>>
>>>> [r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h sbtaddc001.bmitest.com -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=administrator,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"
>>>> ldap_simple_bind: Can't contact LDAP server
>>>> SSL error -5961 (TCP connection reset by peer.)
>>>>
>>> Is sbtaddc001.bmitest.com the real, registered DNS address for the Active Directory server? On both the linux machine and the windows machine?
>>> Does a reverse DNS lookup on the IP address return that hostname?
>>> Is Active Directory configured to use/listen to SSL?
>>> Does the cert db /etc/dirsrv/slapd-BMITEST-COM/cert8.db contain the CA cert of the windows CA?
>>> certutil -L -d /etc/dirsrv/slapd-BMITEST-COM
>>>
>>>> On Wed, Feb 24, 2010 at 6:20 PM, Rich Megginson <rmegg...@redhat.com> wrote:
>>>>> Shan Kumaraswamy wrote:
>>>>>> Dear All,
>>>>>> I am facing the AD Sync issue with FreeIPA to Active Directory, and as per the redhat-ds doc I have done all the settings from the AD front. Please help me to resolve this issue.
>>>>>> Find the error message below:
>>>>>>
>>>>>> [r...@sbttipa001 ~]# ipa-replica-manage add --winsync --binddn CN=ipaadmin,CN=users,DC=bmitest,DC=com --bindpw secretpw --cacert /etc/dirsrv/slapd-BMITEST-COM/adsync.cer sbtaddc001.bmitest.com -v --passsync bmi.123
>>>>>> Directory Manager password:
>>>>>> INFO:root:Shutting down dirsrv:
>>>>>> BMITEST-COM... [ OK ]
>>>>>> INFO:root:
>>>>>> INFO:root:
>>>>>> INFO:root:
>>>>>> INFO:root:Starting dirsrv:
>>>>>> BMITEST-COM... [ OK ]
>>>>>> INFO:root:
>>>>>> INFO:root:Added CA certificate /etc/dirsrv/slapd-BMITEST-COM/adsync.cer to certificate database for sbttipa001.bmitest.com
>>>>>> INFO:root:Restarted directory server sbttipa001.bmitest.com
>>>>>> INFO:root:Could not validate connection to remote server sbtaddc001.bmitest.com:636 - continuing
>>>>>> INFO:root:The error was: {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc': "Can't contact LDAP server"}
>>>>>> The user for the Windows PassSync service is uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
>>>>>> Windows PassSync entry exists, not resetting password
>>>>>> INFO:root:Added new sync agreement, waiting for it to become ready . . .
>>>>>> INFO:root:Replication Update in progress: FALSE: status: 49 - LDAP error: Invalid credentials: start: 0: end: 0
>>>>>> INFO:root:Agreement is ready, starting replication . . .
>>>>>> Starting replication, please wait until this has completed.
>>>>>> [sbttipa001.bmitest.com] reports: Update failed! Status: [49 - LDAP error: Invalid credentials]
>>>>>> INFO:root:Added agreement for other host sbtaddc001.bmitest.com
>>>>>>
>>>>> Error 49 usually means the password is not correct. You can use mozldap ldapsearch to test the connection like this:
>>>>>
>>>>> /usr/lib/mozldap/ldapsearch -h dchost -p 636 -Z -P /etc/dirsrv/slapd-BMITEST-COM/cert8.db -D CN=ipaadmin,CN=users,DC=bmitest,DC=com -w "secretpw" -s base -b "" "objectclass=*"
>>>>>
>>>>>> -- Thanks & Regards
>>>>>> Shan Kumaraswamy
>>>>
>>>> -- Thanks & Regards
>>>> Shan Kumaraswamy
>>
>> -- Thanks & Regards
>> Shan Kumaraswamy
>

-- Thanks & Regards
Shan Kumaraswamy
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
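Added example (not from the thread or from the FreeIPA project): a small shell helper that decodes the "data 52e" subcode in the AcceptSecurityContext error reported above. Active Directory appends a Windows logon-status subcode to an LDAP error 49, and 52e is the "DN found, password rejected" case, the same condition ipa-replica-manage reports as status 49 in the first message. A second function strings together the pre-checks the thread walks through (forward and reverse DNS, the CA cert in the NSS db, a raw TLS handshake on 636, then the bind). The hostname, cert db directory and ldapsearch path are the ones in the thread; the function assumes dig, openssl, certutil and the mozldap ldapsearch are installed. One caveat the thread glosses over: the plaintext test on port 389 (no -p 636 -Z) sends the bind password across the network in clear text, so use it once to confirm the credentials and then go back to testing over 636.

```shell
#!/bin/sh
# Decode the "data NNN" subcode in an Active Directory simple-bind failure.
# Input: the full "additional info" line from ldapsearch.
# Output: the lowercase hex subcode, or nothing if the line has none.
ad_bind_subcode() {
    printf '%s\n' "$1" | sed -n 's/.*data \([0-9a-fA-F]*\).*/\1/p' | tr 'A-F' 'a-f'
}

# Map the subcode to the documented AD meaning (Windows logon status codes
# that AD reports with LDAP error 49).
ad_bind_explain() {
    code=$(ad_bind_subcode "$1")
    case "$code" in
        525) echo "525: user not found (check the bind DN)";;
        52e) echo "52e: invalid credentials (DN exists, password rejected)";;
        530) echo "530: logon not permitted at this time";;
        531) echo "531: logon not permitted at this workstation";;
        532) echo "532: password expired";;
        533) echo "533: account disabled";;
        701) echo "701: account expired";;
        773) echo "773: user must reset password";;
        775) echo "775: account locked out";;
        "")  echo "no AD subcode in message";;
        *)   echo "$code: unknown AD bind subcode";;
    esac
}

# The LDAPS pre-checks from the thread, in the order Rich asked them:
# DNS both ways, CA cert present in the NSS db, TLS handshake on 636,
# and only then the bind over TLS. Interactive use only; needs dig,
# openssl, certutil and /usr/lib64/mozldap/ldapsearch on the IPA host.
# Example: check_ldaps_path sbtaddc001.bmitest.com /etc/dirsrv/slapd-BMITEST-COM \
#              "CN=administrator,CN=users,DC=bmitest,DC=com" secretpw
check_ldaps_path() {
    host=$1; certdir=$2; binddn=$3; bindpw=$4
    ip=$(dig +short "$host" | head -n1)
    echo "forward: $host -> $ip"
    echo "reverse: $ip -> $(dig +short -x "$ip")"
    # the AD CA must be listed here with a C (trusted CA) flag
    certutil -L -d "$certdir"
    # a reset here means AD has no usable server cert bound to 636 yet
    openssl s_client -connect "$host:636" </dev/null 2>&1 |
        grep -E 'Verify return code|subject=|issuer='
    # bind over TLS so the password never crosses the wire in the clear
    /usr/lib64/mozldap/ldapsearch -h "$host" -p 636 -Z -P "$certdir/cert8.db" \
        -D "$binddn" -w "$bindpw" -s base -b "" "objectclass=*"
}
```

Pipe the "additional info" line from ldapsearch into ad_bind_explain to tell a wrong password (52e) apart from a wrong DN (525) or a disabled or locked account (533, 775) before touching the sync agreement again.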