I am having a look at the documentation again..

And having version 1.1.6 of the PassSync tool means:

[**] 389-PassSync-1.1.6 disables SSLv3 by default.


And I can see in the LDAP Info from IPA that SSLv3 and SSLv2 are OFF.. So, "theoretically", it should work as SSLv3 is disabled on both?

thanks!

On 13/03/2015 19:04, g.fer.or...@unicyber.co.uk wrote:

Thanks to everyone for the replies.

The installed version for the passsync is 1.1.6 and using the latest I got in RPMs from centos7 so the following:
389-ds-base-1.3.1.6-26.el7_0.x86_64
389-ds-base-libs-1.3.1.6-26.el7_0.x86_64
sssd-ipa-1.11.2-68.el7_0.6.x86_64
ipa-python-3.3.3-28.0.1.el7.centos.3.x86_64
ipa-admintools-3.3.3-28.0.1.el7.centos.3.x86_64
libipa_hbac-1.11.2-68.el7_0.6.x86_64
ipa-server-3.3.3-28.0.1.el7.centos.3.x86_64
ipa-client-3.3.3-28.0.1.el7.centos.3.x86_64
libipa_hbac-python-1.11.2-68.el7_0.6.x86_64

I haven't installed anything manually but using the Centos' Repos...

thanks!!!




On 2015-03-13 17:02, Dmitri Pal wrote:
On 03/13/2015 12:45 PM, g.fer.or...@unicyber.co.uk wrote:

Hi

I am going forward with a Password Sync AD (window 2013) ----
FreeIPA

ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.

I got the Password Sync Tool installed in the Windows2013 box and I
have created a user with its related password as I am trying to
test the password changes...

Looking at the access logs I can see the following related to the
Sync Process:

--------

[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer reports incompatible or unsupported protocol version.
--------

So the passwords do not seem to be copied across.
Any idea why this is happening and how to troubleshoot it?

Many Thanks
This might be related to one of the vulnerabilities that was
found last year. Make sure that you have the latest available versions
on both sides. If you have a mismatch then the client might not talk
the TLS version that the server expects or vice versa.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
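
An added example, not part of the original thread or of the 389-ds/FreeIPA code: a small triage script for the access-log pattern quoted above. It pairs each "SSL connection from" line with the matching "closed" line and reports connections that were closed before any LDAP operation was logged, grouped by peer and close reason. The sample lines are constructed from the excerpt (unwrapped); conn=20 and its bind DN are invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the access-log excerpt in the thread.
# conn=20 (a connection that gets as far as a BIND) is invented for contrast.
SAMPLE_LOG = """\
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:25:40 -0700] conn=20 fd=91 slot=91 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:25:40 -0700] conn=20 op=0 BIND dn="uid=passsync,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3
[13/Mar/2015:09:25:41 -0700] conn=20 op=1 fd=91 closed - U1
"""

LINE = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPEN = re.compile(r"SSL connection from (?P<peer>\S+) to \S+")
CLOSE = re.compile(r"^op=-?\d+ fd=\d+ closed - (?P<reason>.+)$")
OPERATION = re.compile(r"^op=\d+ ")   # op >= 0: a real LDAP operation


def handshake_failures(log_text):
    """Return {peer: {close reason: [conn ids]}} for SSL connections that
    were closed without a single LDAP operation being logged on them."""
    peer_of = {}                 # conn id -> peer, for open SSL connections
    op_count = defaultdict(int)  # conn id -> LDAP operations seen so far
    failures = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # wrapped or unrelated line
        conn, rest = int(m["conn"]), m["rest"]
        opened = OPEN.search(rest)
        closed = CLOSE.match(rest)
        if opened:
            peer_of[conn] = opened["peer"]
        elif closed and conn in peer_of:
            peer = peer_of.pop(conn)
            if op_count.pop(conn, 0) == 0:
                failures[peer][closed["reason"].rstrip(".")].append(conn)
        elif OPERATION.match(rest) and conn in peer_of:
            op_count[conn] += 1
    return {peer: dict(reasons) for peer, reasons in failures.items()}


if __name__ == "__main__":
    for peer, reasons in handshake_failures(SAMPLE_LOG).items():
        for reason, conns in reasons.items():
            print(f"{peer}: {len(conns)} failed handshake(s): {reason} {conns}")
```

A peer that shows up here only with the "incompatible or unsupported protocol version" reason never completed a TLS handshake, so the protocol versions enabled on each side are the first thing to compare.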
