On 03/21/2013 12:37 PM, Joseph, Matthew (EXP) wrote:
Hello,
I'm currently in the process of installing/configuring IPA 2.2.0-16
on a Red Hat 6.4 Server and I'm running into some issues trying to
get IPA to replicate to a Windows 2003 SP2 DC.
Here are the steps I took (I used the Red Hat Identity Management Guide):
1) Create idmpasssync user under AD and give him the permissions requested
2) Download IPA cert from web gui
3) Installed IPA cert under Trusted Root Certificates Authorities
4) Exported Windows cert to Red Hat Server
5) Copied both IPA and Windows certs to /etc/openldap/cacerts
6) Run the following command
a. ipa-replica-manage connect --winsync --binddn
cn=idmpasssync,cn=users,dc=domain,dc=ca --bindpw
WindowsIDMPassSyncPW --passsync WindowsIDMPassSyncPW --cacert
/etc/openldap/cacerts/windows.cer adserver.domain.ca --v
7) After running that command I get the following error:
a. Added CA Certificate /etc/openldap/cacerts/windows.cer to
certificate database for IPAserver.domain.ca
ipa: INFO: Failed to connect to AD server adserver.domain.ca
ipa: INFO: The error was: {'info': 80090308: LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 525, vece', 'desc':
'Invalid Credentials'}
Failed to setup winsync replication
I checked the IPA logs and it says the same thing as above, no new
information.
I know I entered the password correctly and I even changed it on the
Active Directory side just to make sure.
Can anyone see what I am doing wrong on this configuration?

Try this:

ldapsearch -xLLL -ZZ -h adserver.domain.ca \
  -D "cn=idmpasssync,cn=users,dc=domain,dc=ca" \
  -w 'WindowsIDMPassSyncPW' -s base -b ""

Matt
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
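
Added example, not part of the original thread and not FreeIPA code: the "data" field in an Active Directory LdapErr string is a hexadecimal Win32 error code that says why the bind was refused, and the sketch below decodes it from the error text quoted above. The function name, the table and the hint wording are this example's own; the sub-code values are the standard Win32 ones.

```python
import re

# Active Directory reports a Win32 error code, in hex, in the "data" field
# of a failed LDAP bind. The table below lists the commonly seen values.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "bind DN matches no account; check the DN"),
    0x52E: ("ERROR_LOGON_FAILURE", "account found, password rejected"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not allowed at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this host"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password has expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account is disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account has expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account is locked out"),
}

_LDAPERR = re.compile(
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)\b"
)

def decode_ad_bind_error(text):
    """Return the decoded sub-code of an AD bind failure, or None."""
    # Mail clients and terminals wrap the message, so normalise whitespace.
    match = _LDAPERR.search(" ".join(text.split()))
    if match is None:
        return None
    code = int(match.group("data"), 16)
    name, hint = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "sub-code not in table"))
    return {
        "dsid": match.group("dsid"),
        "comment": match.group("comment"),
        "data": code,
        "name": name,
        "hint": hint,
    }

# The error text from the message above, with its line wrapping preserved.
SAMPLE = """ipa: INFO: The error was: {'info': 80090308: LdapErr: DSID-0C090334,
comment: AcceptSecurityContext error, data 525, vece', 'desc':
'Invalid Credentials'}"""

if __name__ == "__main__":
    result = decode_ad_bind_error(SAMPLE)
    print("data %x -> %s: %s" % (result["data"], result["name"], result["hint"]))
```

The LDAP result code is "Invalid Credentials" for every entry in the table, so the sub-code is the only part of the message that separates a bind DN that matches no account from a rejected password or a locked account.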