Re: [Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-11-13 Thread Сапегин Валерий
Hi Rich!

I turned on the log and see the following records

[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): State: start_backoff -
backoff
[13/Nov/2014:14:27:02 +0300] - acquire_replica, supplier RUV:
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - supplier:
{replicageneration} 5440f0390003
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - supplier: {replica 3
ldap://ipa.test-csbi-its.ru:389} 5440f03900010003 5464956e0003
5464956e
[13/Nov/2014:14:27:02 +0300] - acquire_replica, consumer RUV:
[13/Nov/2014:14:27:02 +0300] - acquire_replica, consumer RUV = null
[13/Nov/2014:14:27:02 +0300] - acquire_replica, supplier RUV is newer
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Cancelling linger on the
connection
[13/Nov/2014:14:27:02 +0300] - _csngen_adjust_local_time: gen state before
546495820001:1415878018:0:0
[13/Nov/2014:14:27:02 +0300] - _csngen_adjust_local_time: gen state after
54649586:1415878022:0:0
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): State: backoff -
sending_updates
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Beginning linger on the
connection
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): State: sending_updates
- start_backoff



   Best regards, Valeriy



On 10/29/2014 03:19 AM, Сапегин Валерий wrote:

Yes Dmitri, ldapsearch works well:

[root@ipa ~]# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-TEST-CSBI-ITS-RU/
ldapsearch -xLLL -ZZ -h csbi-it-dc01.csbigroup.ru -D
cn=ipa-test,cn=users,dc=csbigroup,dc=ru -w t -s base -b
cn=users,dc=csbigroup,dc=ru
dn: cn=users,dc=csbigroup,dc=ru
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=csbigroup,DC=ru
instanceType: 4
...
...


Ok.  Now try to do a windows sync with the dirsrv replication error log
level - http://www.port389.org/docs/389ds/FAQ/faq.html#troubleshooting

Then we can take a look at the detailed errors.


 Best regards, Сапегин Валерий

2014-10-23 16:19 GMT+04:00 Сапегин Валерий unitaip gmail com:

Hello!

  I tried to configure synchronization between FreeIPA and Windows AD
 2012. The first time, accounts from AD synchronized properly, but the next
 scheduled run after 5 min does not work, and in the error log I see the
 following errors:

 # tail -f /var/log/dirsrv/slapd-TEST-CSBI-ITS-RU/errors
 [23/Oct/2014:15:51:34 +0300] NSMMReplicationPlugin - agmt=cn=
 meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
 vector. It has never been initialized.
 [23/Oct/2014:15:51:37 +0300] NSMMReplicationPlugin - agmt=cn=
 meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
 vector. It has never been initialized.
 [23/Oct/2014:15:51:40 +0300] NSMMReplicationPlugin - agmt=cn=
 meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
 vector. It has never been initialized.

  First synchronization output

 Added CA certificate /etc/openldap/certs/CSBIGROUP-CA.crt to certificate
 database for ipa.test-csbi-its.ru
 ipa: INFO: AD Suffix is: DC=csbigroup,DC=ru
 The user for the Windows PassSync service is
 uid=passsync,cn=sysaccounts,cn=etc,dc=test-csbi-its,dc=ru
 Windows PassSync entry exists, not resetting password
 ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
 ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
 acquired successfully: Incremental update started: start: 0: end: 0
 ipa: INFO: Agreement is ready, starting replication . . .
 Starting replication, please wait until this has completed.
 Update in progress, 13 seconds elapsed
 [ipa.test-csbi-its.ru] reports: Update failed! Status: [-1 Total update
 abortedLDAP error: Can't contact LDAP server]

 Failed to start replication



  FreeIPA server version 3.3.3
  OS version Centos 7
  AD Domain 2012

  Can you help me to resolve this problem?

 Best regards, Valeriy

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
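
An added example, not part of any message in this thread: a small parser for the replication-level error log format quoted above. It rejoins records wrapped by the mail client, collects each agreement's state transitions, and flags an agreement that reports "Replica has no update vector" and then falls back to `start_backoff`. The sample text, hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's wrapped log lines; hostnames are placeholders.
SAMPLE = """\
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTodc01.example.test (dc01:389): State: backoff -
sending_updates
[13/Nov/2014:14:27:02 +0300] - acquire_replica, consumer RUV = null
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTodc01.example.test (dc01:389): Replica has no update
vector. It has never been initialized.
[13/Nov/2014:14:27:02 +0300] NSMMReplicationPlugin - agmt=cn=
meTodc01.example.test (dc01:389): State: sending_updates
- start_backoff
"""

STAMP = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\]")
AGMT = re.compile(r'agmt="?cn=(?P<name>[^\s"]+)"? \((?P<peer>[^)]+)\): (?P<msg>.*)$')
STATE = re.compile(r"^State: (\w+) ->? (\w+)$")  # archive shows "-"; "->" also accepted


def unwrap(text):
    """Rejoin wrapped records: a record starts with a timestamp; a line split
    right after "agmt=cn=" is joined without a space, others with one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ("" if records[-1].endswith("=") else " ") + line
    return records


def summarize(text):
    """Per agreement: peer, state transitions, count of 'never initialized' records."""
    out = {}
    # Records without an agreement name (acquire_replica, csngen) are skipped.
    for m in filter(None, map(AGMT.search, unwrap(text))):
        info = out.setdefault(
            m["name"], {"peer": m["peer"], "transitions": [], "uninitialized": 0})
        st = STATE.match(m["msg"])
        if st:
            info["transitions"].append((st[1], st[2]))
        elif "has no update vector" in m["msg"]:
            info["uninitialized"] += 1
    return out


def stuck_in_backoff(info):
    """True when the consumer has no RUV and the agreement fell back to start_backoff."""
    t = info["transitions"]
    return bool(info["uninitialized"] and t and t[-1][1] == "start_backoff")
```
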

Re: [Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-10-29 Thread Сапегин Валерий
Yes Dmitri, ldapsearch works well:

[root@ipa ~]# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-TEST-CSBI-ITS-RU/
ldapsearch -xLLL -ZZ -h csbi-it-dc01.csbigroup.ru -D
cn=ipa-test,cn=users,dc=csbigroup,dc=ru -w t -s base -b
cn=users,dc=csbigroup,dc=ru
dn: cn=users,dc=csbigroup,dc=ru
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=csbigroup,DC=ru
instanceType: 4
...
...


Best regards, Сапегин Валерий

2014-10-23 16:19 GMT+04:00 Сапегин Валерий unit...@gmail.com:

 Hello!

 I tried to configure synchronization between FreeIPA and Windows AD 2012.
 The first time, accounts from AD synchronized properly, but the next
 scheduled run after 5 min does not work, and in the error log I see the
 following errors:

 # tail -f /var/log/dirsrv/slapd-TEST-CSBI-ITS-RU/errors
 [23/Oct/2014:15:51:34 +0300] NSMMReplicationPlugin - agmt=cn=
 meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
 vector. It has never been initialized.
 [23/Oct/2014:15:51:37 +0300] NSMMReplicationPlugin - agmt=cn=
 meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
 vector. It has never been initialized.
 [23/Oct/2014:15:51:40 +0300] NSMMReplicationPlugin - agmt=cn=
 meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
 vector. It has never been initialized.

 First synchronization output

 Added CA certificate /etc/openldap/certs/CSBIGROUP-CA.crt to certificate
 database for ipa.test-csbi-its.ru
 ipa: INFO: AD Suffix is: DC=csbigroup,DC=ru
 The user for the Windows PassSync service is
 uid=passsync,cn=sysaccounts,cn=etc,dc=test-csbi-its,dc=ru
 Windows PassSync entry exists, not resetting password
 ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
 ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
 acquired successfully: Incremental update started: start: 0: end: 0
 ipa: INFO: Agreement is ready, starting replication . . .
 Starting replication, please wait until this has completed.
 Update in progress, 13 seconds elapsed
 [ipa.test-csbi-its.ru] reports: Update failed! Status: [-1 Total update
 abortedLDAP error: Can't contact LDAP server]

 Failed to start replication



 FreeIPA server version 3.3.3
 OS version Centos 7
 AD Domain 2012

 Can you help me to resolve this problem?

 Best regards, Valeriy


[Freeipa-users] Synchronization Agreements between FreeIPA and AD

2014-10-23 Thread Сапегин Валерий
 Hello!

I tried to configure synchronization between FreeIPA and Windows AD 2012.
The first time, accounts from AD synchronized properly, but the next
scheduled run after 5 min does not work, and in the error log I see the
following errors:

# tail -f /var/log/dirsrv/slapd-TEST-CSBI-ITS-RU/errors
[23/Oct/2014:15:51:34 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.
[23/Oct/2014:15:51:37 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.
[23/Oct/2014:15:51:40 +0300] NSMMReplicationPlugin - agmt=cn=
meTocsbi-it-dc01.csbigroup.ru (csbi-it-dc01:389): Replica has no update
vector. It has never been initialized.

First synchronization output

Added CA certificate /etc/openldap/certs/CSBIGROUP-CA.crt to certificate
database for ipa.test-csbi-its.ru
ipa: INFO: AD Suffix is: DC=csbigroup,DC=ru
The user for the Windows PassSync service is
uid=passsync,cn=sysaccounts,cn=etc,dc=test-csbi-its,dc=ru
Windows PassSync entry exists, not resetting password
ipa: INFO: Added new sync agreement, waiting for it to become ready . . .
ipa: INFO: Replication Update in progress: FALSE: status: 0 Replica
acquired successfully: Incremental update started: start: 0: end: 0
ipa: INFO: Agreement is ready, starting replication . . .
Starting replication, please wait until this has completed.
Update in progress, 13 seconds elapsed
[ipa.test-csbi-its.ru] reports: Update failed! Status: [-1 Total update
abortedLDAP error: Can't contact LDAP server]

Failed to start replication



FreeIPA server version 3.3.3
OS version Centos 7
AD Domain 2012

Can you help me to resolve this problem?

Best regards, Valeriy