thanks Rich,

when I run that  I get the following:

[ ipa]$ 
LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h 
adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" s 
base -b "cn=Users,dc=bwinc,dc=local"
ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C0903C5, comment: 
AcceptSecurityContext error, data 52e, v2580

From: Rich Megginson []
Sent: Wednesday, March 12, 2014 3:30 PM
To: Todd Maugh;
Subject: Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/12/2014 04:18 PM, Todd Maugh wrote:

I'm using latest IPA build on red hat 6.5

I retrieved my CA cert from the AD Domain controller

I try to set up my winsyncagreement and I am getting this

ipa]$ ipa-replica-manage connect --winsync --binddn "cn=idmadmin, cn=Users, 
dc=bwinc, dc=local" --bindpw "XXXXXX" --passsync "XXXXXX" 
--cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
Directory Manager password:

Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to certificate 
database for
ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5, comment: 
AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}
Failed to setup winsync replication

not sure where to look for the logs for this to see what the invalivd 
credentials are or wether this might still be a cert issue or a log in issue or 
what not?

You can test with ldapsearch like this:

$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ -h 
adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" 
-s base -b "cn=Users,dc=bwinc,dc=local"

Thanks in advance for the help


Freeipa-users mailing list<>

Freeipa-users mailing list

Reply via email to