On Tue, Mar 9, 2010 at 7:38 PM, Rich Megginson <rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> wrote:
Shan Kumaraswamy wrote:
Yes I can get the output when I ran this step:
Command: /usr/lib64/mozldap/ldapsearch -ZZ -P
/etc/dirsrv/slapd-BMITEST-COM/cert8.db -h
sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>> -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -s base -b ""
"objectclass=*"
Output:
version: 1
dn:
currentTime: 20100309160730.0Z
subschemaSubentry:
CN=Aggregate,CN=Schema,CN=Configuration,DC=BMITEST,DC=COM
dsServiceName: CN=NTDS
Settings,CN=SBTADDC001,CN=Servers,CN=Bahrain-Site,CN=Si
tes,CN=Configuration,DC=BMITEST,DC=COM
namingContexts: DC=BMITEST,DC=COM
namingContexts: CN=Configuration,DC=BMITEST,DC=COM
namingContexts: CN=Schema,CN=Configuration,DC=BMITEST,DC=COM
namingContexts: DC=DomainDnsZones,DC=BMITEST,DC=COM
namingContexts: DC=ForestDnsZones,DC=BMITEST,DC=COM
defaultNamingContext: DC=BMITEST,DC=COM
schemaNamingContext: CN=Schema,CN=Configuration,DC=BMITEST,DC=COM
configurationNamingContext: CN=Configuration,DC=BMITEST,DC=COM
rootDomainNamingContext: DC=BMITEST,DC=COM
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.801
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.528
supportedControl: 1.2.840.113556.1.4.417
supportedControl: 1.2.840.113556.1.4.619
supportedControl: 1.2.840.113556.1.4.841
supportedControl: 1.2.840.113556.1.4.529
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.2.840.113556.1.4.521
supportedControl: 1.2.840.113556.1.4.970
supportedControl: 1.2.840.113556.1.4.1338
supportedControl: 1.2.840.113556.1.4.474
supportedControl: 1.2.840.113556.1.4.1339
supportedControl: 1.2.840.113556.1.4.1340
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113730.3.4.10
supportedControl: 1.2.840.113556.1.4.1504
supportedControl: 1.2.840.113556.1.4.1852
supportedControl: 1.2.840.113556.1.4.802
supportedControl: 1.2.840.113556.1.4.1907
supportedControl: 1.2.840.113556.1.4.1948
supportedControl: 1.2.840.113556.1.4.1974
supportedControl: 1.2.840.113556.1.4.1341
supportedControl: 1.2.840.113556.1.4.2026
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPoolThreads
supportedLDAPPolicies: MaxDatagramRecv
supportedLDAPPolicies: MaxReceiveBuffer
supportedLDAPPolicies: InitRecvTimeout
supportedLDAPPolicies: MaxConnections
supportedLDAPPolicies: MaxConnIdleTime
supportedLDAPPolicies: MaxPageSize
supportedLDAPPolicies: MaxQueryDuration
supportedLDAPPolicies: MaxTempTableSize
supportedLDAPPolicies: MaxResultSetSize
supportedLDAPPolicies: MaxNotificationPerConn
supportedLDAPPolicies: MaxValRange
highestCommittedUSN: 905371
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
dnsHostName: SBTADDC001.BMITEST.COM
<http://sbtaddc001.bmitest.com/>
<http://SBTADDC001.BMITEST.COM <http://sbtaddc001.bmitest.com/>>
Please let me know the syntex of IPA Ad sync
Ok. Now try it with the ldaps port (-p 636)
/usr/lib64/mozldap/ldapsearch -Z -P
/etc/dirsrv/slapd-BMITEST-COM/cert8.db -h sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>> -p 636 -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s
base -b "" "objectclass=*"
On Tue, Mar 9, 2010 at 7:03 PM, Rich Megginson
<rmegg...@redhat.com <mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>> wrote:
Shan Kumaraswamy wrote:
Rich again some errors:
[r...@sbttipa001 ~]# /usr/lib64/mozldap/ldapsearch -h
sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>> -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -w
"Str1ve2XL"
-s base -b "" "objectclass=*"
ldap_simple_bind: Strong authentication required
ldap_simple_bind: additional info: 00002028: LdapErr:
DSID-0C0901FC, comment: The server requires binds to
turn on
integrity checking if SSL\TLS are not already active on the
connection, data 0, v1771
If this is your real password, as simo said, please change it
immediately.
So at least you are talking to the AD server now. It is
telling
you that it will not accept a bind using a clear text password
over an insecure connection - that is, try using SSL as we did
previously:
/usr/lib64/mozldap/ldapsearch -ZZ -P
/etc/dirsrv/slapd-BMITEST-COM/cert8.db -h
sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>> -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -w "secretpw" -s
base -b "" "objectclass=*"
On Tue, Mar 9, 2010 at 6:38 PM, Rich Megginson
<rmegg...@redhat.com <mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>> wrote:
Shan Kumaraswamy wrote:
Rich,
Your mean the AD Administrator password or IPA admin
password?
AD
I'm trying to find out why IPA cannot make a
connection to
AD. So
the hostname should be the AD hostname, and the -D
(binddn)
should
be the DN of the user that IPA uses to bind to AD,
and the
password should be the password for that user.
On Tue, Mar 9, 2010 at 6:32 PM, Rich Megginson
<rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>> wrote:
Shan Kumaraswamy wrote:
When I try to run this command I am
getting this
error:
[r...@sbttipa001 ~]#
/usr/lib64/mozldap/ldapsearch -h
sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>> -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -w
"secretpw" -s
base -b "" "objectclass=*"
ldap_simple_bind: Invalid credentials
ldap_simple_bind: additional info: 80090308:
LdapErr:
DSID-0C0903AA, comment:
AcceptSecurityContext error,
data 52e,
v1771
You are not providing the correct password.
On Tue, Mar 9, 2010 at 6:16 PM, Rich
Megginson
<rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>>> wrote:
Please keep replies on list
Shan Kumaraswamy wrote:
Rich,
Does a reverse DNS lookup on the
IP address
return that
hostname? -Yes
Is Active Directory configured to
use/listen to
SSL? -Yes,
Active Directory Cert Auth
installed and
exported the and
verifityed.
Does the cert db
/etc/dirsrv/slapd-BMITEST-COM/cert8.db
contain the CA cert of the windows
CA? -yes
"Imported
CA cert"
certutil -L -d
/etc/dirsrv/slapd-BMITEST-COM-
Its listing
installed cert
I am trying to creating syn agreement
from IPA
server using
following syntex:
ipa-replica-manage add --winsync
--binddn
CN=Administrator,CN=Users,CN=Accounts,DC=bmitest,DC=com
--bindpw secretpw --cacert
/etc/dirsrv/slapd-BMITEST-COM/dsca.cer
sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>> -v
Please corret me where I am doing
worng?
ldap_simple_bind: Can't contact LDAP
server
SSL error -5961 (TCP connection
reset by
peer.)
This usually indicates some low level
error.
Let's
try this:
/usr/lib64/mozldap/ldapsearch -h
sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/> -D
"CN=administrator,CN=users,DC=bmitest,DC=com" -w
"secretpw" -s
base -b "" "objectclass=*"
Does that work?
On Mon, Mar
8, 2010
at 6:30 PM, Rich Megginson
<rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>>>> wrote:
Shan Kumaraswamy wrote:
Hi Rich,
Sorry for the delay replay,
after I
executed your
command I am
getting the following error
from
my directory
server.
Please
help me to resolve this error.
[r...@sbttipa001 ~]#
/usr/lib64/mozldap/ldapsearch -h
sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>>
-p 636
-Z -P
/etc/dirsrv/slapd-BMITEST-COM/cert8.db -D
CN=administrator,CN=users,DC=bmitest,DC=com -w
"secretpw" -s
base -b "" "objectclass=*"
ldap_simple_bind: Can't contact
LDAP server
SSL error -5961 (TCP
connection
reset by
peer.)
Is sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>>
the real, registered DNS
address for
the Active
Directory
server?
On both the linux machine and
the windows
machine?
Does a reverse DNS lookup on the IP
address
return that
hostname?
Is Active Directory configured to
use/listen
to SSL?
Does the cert db
/etc/dirsrv/slapd-BMITEST-COM/cert8.db
contain
the CA cert of the windows CA?
certutil -L -d
/etc/dirsrv/slapd-BMITEST-COM
On
Wed, Feb 24,
2010 at 6:20 PM, Rich Megginson
<rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com> <mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com <mailto:rmegg...@redhat.com>>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>
<mailto:rmegg...@redhat.com
<mailto:rmegg...@redhat.com>>>>>>>> wrote:
Shan Kumaraswamy wrote:
Dear All,
I am facing the AD Sync
issue with
FreeIPA to Active
Directory, and as
per the
redhat-ds doc I
have
done all the
settings from AD
front. please
help me to
resolve this
issue.
And find the below error
message:
[r...@sbttipa001 ~]#
ipa-replica-manage add
--winsync
--binddn
CN=ipaadmin,CN=users,DC=bmitest,DC=com
--bindpw
secretpw --ca cert
/etc/dirsrv/slapd-BMITEST-COM/adsync.cer
sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>> -v
--passsync
bmi.123
Directory Manager
password:
INFO:root:Shutting
down dirsrv:
BMITEST-COM...
[ OK ]
INFO:root:
INFO:root:
INFO:root:
INFO:root:Starting
dirsrv:
BMITEST-COM...
[ OK ]
INFO:root:
INFO:root:Added CA
certificate
/etc/dirsrv/slapd-BMITEST-COM/adsync.cer to
certificate
database for
sbttipa001.bmitest.com
<http://sbttipa001.bmitest.com/> <http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com
<http://sbttipa001.bmitest.com/> <http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>>
INFO:root:Restarted
directory server
sbttipa001.bmitest.com
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com
<http://sbttipa001.bmitest.com/> <http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>>
INFO:root:Could not
validate
connection to
remote server
sbtaddc001.bmitest.com:636 <http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>
<http://sbtaddc001.bmitest.com:636/>> -
continuing
INFO:root:The error was:
{'info':
'error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify
failed', 'desc ': "Can't
contact LDAP
server"}
The user for the Windows
PassSync
service is
uid=passsync,cn=sysaccounts,cn=etc,dc=bmitest,dc=com
Windows PassSync entry
exists, not
resetting
password
INFO:root:Added new sync
agreement,
waiting for
it to
become
ready . . .
INFO:root:Replication Update in
progress:
FALSE:
status: 49 -
LDAP error: Invalid
credentials:
start:
0: end: 0
INFO:root:Agreement is
ready, starting
replication . . .
Starting replication,
please wait
until
this has
completed.
[sbttipa001.bmitest.com <http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com
<http://sbttipa001.bmitest.com/> <http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>
<http://sbttipa001.bmitest.com/>>]
reports:
Update failed!
Status: [49 - LDAP
error:
Invalid
credentials]
INFO:root:Added
agreement for
other host
sbtaddc001.bmitest.com <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com
<http://sbtaddc001.bmitest.com/> <http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>
<http://sbtaddc001.bmitest.com/>>
Error 49 usually means the
password is not
correct. You
can use
mozldap ldapsearch to
test the
connection
like this:
/usr/lib/mozldap/ldapsearch -h
dchost
-p 636
-Z -P
/etc/dirsrv/slapd-BMITEST-COM/cert8.db -D
CN=ipaadmin,CN=users,DC=bmitest,DC=com -w
"secretpw" -s
base -b ""
"objectclass=*"
--
Thanks
& Regards
Shan Kumaraswamy
------------------------------------------------------------------------
_______________________________________________
Freeipa-users
mailing list
Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>
<mailto:Freeipa-users@redhat.com
<mailto:Freeipa-users@redhat.com>>>>>>>
https://www.redhat.com/mailman/listinfo/freeipa-users
-- Thanks & Regards
Shan Kumaraswamy
-- Thanks & Regards
Shan Kumaraswamy
-- Thanks & Regards
Shan Kumaraswamy
-- Thanks & Regards
Shan Kumaraswamy
-- Thanks & Regards
Shan Kumaraswamy
--
Thanks & Regards
Shan Kumaraswamy
--
Thanks & Regards
Shan Kumaraswamy
