On 03/13/2015 12:45 PM, g.fer.or...@unicyber.co.uk wrote:
Hi

I am going forward with a Password Sync AD (Windows 2013) ---- FreeIPA

ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.

I got the Password Sync Tool installed in the Windows 2013 box and I have created a user with its related password as I am trying to test the password changes...

Looking at the access logs I can see the following related to the Sync Process:

--------

[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer reports incompatible or unsupported protocol version.
--------

So the passwords do not seem to be copied across.
Any idea why this is happening and how to troubleshoot it?

Many Thanks



This might be related to one of the vulnerabilities that was found last year. Make sure that you have the latest available versions on both sides. If you have a mismatch then the client might not talk the TLS version that the server expects or vice versa.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
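
A triage sketch for the access-log excerpt in this thread, added here as an example and not part of either poster's message: it rejoins mail-wrapped records and lists, per client, the connections the directory server closed with the protocol-version error. The sample log and its 192.0.2.x addresses are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log format quoted above, including mail-style
# line wrapping; the 192.0.2.x addresses are documentation placeholders.
SAMPLE_LOG = """\
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from
192.0.2.10 to 192.0.2.20
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from
192.0.2.10 to 192.0.2.20
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:24:01 -0700] conn=15 fd=83 slot=83 SSL connection from 192.0.2.30 to 192.0.2.20
[13/Mar/2015:09:24:01 -0700] conn=15 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[13/Mar/2015:09:24:02 -0700] conn=15 op=1 fd=83 closed - U1
"""

OPEN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to (\S+)")
CLOSE_RE = re.compile(r"conn=(\d+) op=-1 fd=\d+ closed - (.+)")
MISMATCH = "incompatible or unsupported protocol version"

def unwrap(text):
    """Rejoin records split by mail wrapping: every record starts with '['."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def tls_version_failures(text):
    """Map client address -> conn ids closed before any LDAP op for a version mismatch."""
    peer_of, failures = {}, defaultdict(list)
    for rec in unwrap(text):
        m = OPEN_RE.search(rec)
        if m:
            peer_of[int(m.group(1))] = m.group(2)  # remember who opened this conn
            continue
        m = CLOSE_RE.search(rec)
        if m and MISMATCH in m.group(2):
            failures[peer_of.get(int(m.group(1)), "unknown")].append(int(m.group(1)))
    return dict(failures)

if __name__ == "__main__":
    print(tls_version_failures(SAMPLE_LOG))
```

A client that appears here on every attempt and never reaches a BIND is failing at the TLS handshake, so the fix lies in the protocol versions each side allows rather than in the sync account or its password.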
