On 03/13/2014 12:50 PM, Todd Maugh wrote:
Ok the error I see repeated in the log is

[13/Mar/2014:18:41:21 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:11 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:14 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
[13/Mar/2014:18:44:33 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:44:44 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:46:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:29 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:38 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:47:50 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:11 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:14 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:48:56 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[r...@idm-master-els.ops.boingo.com cacerts]$

Are all of these associated with the winsync agreement?


------------------------------------------------------------------------
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Thursday, March 13, 2014 11:43 AM
*To:* Todd Maugh; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/13/2014 12:29 PM, Todd Maugh wrote:
Ok, so I ran that and get this output

Ok.  Next, take a look at /var/log/dirsrv/slapd-OPS-BOINGO-COM/errors



[r...@idm-master-els.ops.boingo.com cacerts]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"
dn: cn=Users,dc=bwinc,dc=local
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=BWINC,DC=local
instanceType: 4
whenCreated: 20060824234034.0Z
whenChanged: 20140306190741.0Z
uSNCreated: 17702
uSNChanged: 17702
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: kCZ7CbnIZk+0GpmCr3PCfw==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=BWINC,DC=local
isCriticalSystemObject: TRUE
dSCorePropagationData: 20140306234416.0Z
dSCorePropagationData: 20140306234348.0Z
dSCorePropagationData: 20140306225101.0Z
dSCorePropagationData: 20140306225055.0Z
dSCorePropagationData: 16010101000000.0Z

------------------------------------------------------------------------
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Wednesday, March 12, 2014 3:47 PM
*To:* Todd Maugh; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/12/2014 04:39 PM, Todd Maugh wrote:
thanks Rich,

when I run that  I get the following:


[r...@idm-master-els.ops.boingo.com ipa]$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-OPS-BOINGO-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" s base -b "cn=Users,dc=bwinc,dc=local"
ldap_bind: Invalid credentials (49)

Invalid credentials almost always means your password "XXXXXX" is not correct for user "cn=idmadmin,cn=Users,dc=bwinc,dc=local"

 additional info: 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580


------------------------------------------------------------------------
*From:* Rich Megginson [rmegg...@redhat.com]
*Sent:* Wednesday, March 12, 2014 3:30 PM
*To:* Todd Maugh; freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] [freeipa] Issues with Winsync agreement

On 03/12/2014 04:18 PM, Todd Maugh wrote:
Hello.

I'm using latest IPA build on red hat 6.5

I retrieved my CA cert from the AD Domain controller

I try to set up my winsyncagreement and I am getting this



[r...@idm-master-els.ops.boingo.com ipa]$ ipa-replica-manage connect --winsync --binddn "cn=idmadmin, cn=Users, dc=bwinc, dc=local" --bindpw "XXXXXX" --passsync "XXXXXX" --cacert=/etc/openldap/cacerts/ADC13-ELS.CA.cer adc13-els.bwinc.local
Directory Manager password:

Added CA certificate /etc/openldap/cacerts/ADC13-ELS.CA.cer to certificate database for idm-master-els.ops.boingo.com
ipa: INFO: Failed to connect to AD server adc13-els.bwinc.local
ipa: INFO: The error was: {'info': '80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580', 'desc': 'Invalid credentials'}
Failed to setup winsync replication


Not sure where to look for the logs for this to see what the invalid credentials are, or whether this might still be a cert issue or a login issue or what not?

You can test with ldapsearch like this:

$ LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-DOMAIN-COM ldapsearch -xLLLZZ -h adc13-els.bwinc.local -D "cn=idmadmin,cn=Users,dc=bwinc,dc=local" -w "XXXXXX" -s base -b "cn=Users,dc=bwinc,dc=local"



Thanks in advance for the help

-Todd




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
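
An added example, not part of the original thread: a Python sketch that summarizes the `slapi_ldap_bind` startTLS failures from a dirsrv errors log (count per LDAP error code, seconds between attempts) and decodes the `data` sub-code in the Active Directory bind error quoted above. The function names are hypothetical, and the sub-code table lists commonly documented AD values; only `52e` appears in the thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: six consecutive entries copied from the log quoted in the thread.
SAMPLE_LOG = """\
[13/Mar/2014:18:43:11 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:14 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:20 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:32 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:43:56 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -11 (Connect error) errno 0 (Success)
[13/Mar/2014:18:44:30 +0000] slapi_ldap_bind - Error: could not send startTLS request: error -1 (Can't contact LDAP server) errno 0 (Success)
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] slapi_ldap_bind - Error: could not send startTLS "
    r"request: error (?P<code>-?\d+) \((?P<text>[^)]*)\)")

# "data NNN" sub-codes AD returns on a failed bind (assumption: commonly
# documented values, not taken from the thread, which only shows 52e).
AD_BIND_DATA = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

def parse_starttls_failures(log_text):
    """Return (timestamp, ldap_error_code, error_text) for each matching line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events.append((ts, int(m["code"]), m["text"]))
    return events

def summarize(events):
    """Count failures per error code and list the seconds between attempts."""
    counts = Counter((code, text) for _, code, text in events)
    gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(events, events[1:])]
    return counts, gaps

def decode_ad_bind_error(info):
    """Pull the AD 'data' sub-code out of an LdapErr string and explain it."""
    m = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", info)
    code = m.group(1).lower() if m else None
    return (code, AD_BIND_DATA.get(code, "unknown sub-code")) if code else None
```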



