On 02/04/2014 01:13 PM, Todd Maugh wrote:
now I am getting this after rerunning the install and trying to
reinstall my cert
LDAP bind error in connect
81: Can't Contact LDAP Server
That means
1) ipa ldap server is down
2) some sort of network problem
3) incorrect host/port specified in passsync config
4) host specified in passsync config is not the FQDN, or the FQDN
doesn't resolve both forward and reverse from the Windows box
5) host specified in the passsync config does not match the ipa ldap
server certificate subject dn
6) incorrect CA cert installed in passsync cert db
------------------------------------------------------------------------
*From:* [email protected]
[[email protected]] on behalf of Todd Maugh
[[email protected]]
*Sent:* Tuesday, February 04, 2014 11:56 AM
*To:* Rich Megginson; [email protected]
*Cc:* [email protected]
*Subject:* Re: [Freeipa-users] Creating password sync
I'm seeing these errors in the passsync.log
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/03/14 16:57:48: Abandoning password change for scottb, backoff expired
02/03/14 16:57:48: Ldap bind error in Connect
32: No such object
02/03/14 16:57:48: Ldap error in QueryUsername
32: No such object
02/03/14 18:06:04: Abandoning password change for scottb, backoff expired
02/03/14 18:06:04: Ldap bind error in Connect
32: No such object
02/04/14 10:24:59: PassSync service initialized
02/04/14 10:24:59: PassSync service running
02/04/14 10:25:00: Ldap bind error in Connect
32: No such object
02/04/14 10:58:37: Ldap bind error in Connect
32: No such object
02/04/14 10:58:37: PassSync service stopped
02/04/14 10:58:38: PassSync service initialized
02/04/14 10:58:38: PassSync service running
02/04/14 10:58:39: Ldap bind error in Connect
32: No such object
------------------------------------------------------------------------
*From:* Rich Megginson [[email protected]]
*Sent:* Tuesday, February 04, 2014 9:19 AM
*To:* Todd Maugh; [email protected]
*Cc:* [email protected]
*Subject:* Re: Creating password sync
On 02/04/2014 10:17 AM, Todd Maugh wrote:
also I have verified the password synchronization service is started
and running on the Windows 2008 R2 server
but I can't tell if or what it is doing because I'm not getting
passwords to my IDM
http://port389.org/wiki/Howto:WindowsSync#PassSync_Logging
You can also look at the 389 access log to see if you have connections
from the Windows box.
------------------------------------------------------------------------
*From:* [email protected]
[[email protected]] on behalf of Todd Maugh
[[email protected]]
*Sent:* Tuesday, February 04, 2014 9:04 AM
*To:* Rich Megginson; [email protected]
*Cc:* [email protected]
*Subject:* [Freeipa-users] Creating password sync
Ok, So I have my replication agreement set up.
and I see accounts coming in to my IDM server from AD
I have followed this guide from Red Hat
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/pass-sync.html
to set up my password sync.
I get no errors
but my passwords are not syncing!
Help! the documentation tells of no way to verify or troubleshoot
Thank You
-Todd Maugh
[email protected]
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
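Added example, not written by anyone in this thread and not part of PassSync: a small triage script for passsync.log excerpts like the ones quoted above. It pairs each timestamped event with the LDAP result-code line that follows it, counts failures per operation and code, and prints the six checks from the reply for code 81. The names parse, summarize and CHECKS are assumptions of this example, and the sample log is constructed from lines in the thread (the timestamp on the code 81 entry is invented).

```python
import re
from collections import Counter

EVENT = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d): (.+)$")  # timestamped line
CODE = re.compile(r"^(\d+): (.+)$")                             # result-code line

# Causes of LDAP result code 81, as listed in the reply in this thread.
CHECKS = {81: (
    "IPA LDAP server is down",
    "network problem between the Windows box and the server",
    "incorrect host/port in the PassSync config",
    "host is not the FQDN, or forward/reverse DNS fails from the Windows box",
    "host does not match the server certificate subject DN",
    "incorrect CA cert in the PassSync cert db",
)}

def parse(lines):
    """Pair each timestamped event with the result-code line that follows it."""
    records, pending = [], None
    for raw in lines:
        line = raw.strip()
        ev, code = EVENT.match(line), CODE.match(line)
        if ev:
            pending = ev.groups()  # (timestamp, message)
        elif code:
            # A code line with no event before it (excerpt starts mid-entry) is kept.
            ts, msg = pending or (None, None)
            records.append((ts, msg, int(code.group(1)), code.group(2)))
            pending = None
    return records

def summarize(records):
    return Counter((msg, code) for _, msg, code, _ in records)

# Constructed sample: lines from the thread plus one invented code 81 entry.
SAMPLE = """\
32: No such object
02/03/14 16:23:40: Ldap error in QueryUsername
32: No such object
02/04/14 10:24:59: PassSync service running
02/04/14 10:25:00: Ldap bind error in Connect
32: No such object
02/04/14 13:20:00: Ldap bind error in Connect
81: Can't Contact LDAP Server
""".splitlines()

if __name__ == "__main__":
    for (msg, code), n in summarize(parse(SAMPLE)).items():
        print(f"{n}x {msg!r} -> result {code}", *CHECKS.get(code, ()), sep="\n    check: ")
```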