On 03/13/2015 12:45 PM, [email protected] wrote:
Hi
I am going forward with a Password Sync AD (Windows 2013) ---- FreeIPA
ipa-server-3.3.3-28.0.1.el7 on a Centos7 Box.
I got the Password Sync Tool installed in the Windows2013 box and I
have created a user with its related password as I am trying to test
the password changes...
Looking at the access logs I can see the following related to the Sync
Process:
--------
[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0
etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:23:41 -0700] conn=16 fd=82 slot=82 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:41 -0700] conn=16 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:23:57 -0700] conn=17 fd=82 slot=82 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:57 -0700] conn=17 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:24:29 -0700] conn=18 fd=82 slot=82 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:24:29 -0700] conn=18 op=-1 fd=82 closed - Peer reports
incompatible or unsupported protocol version.
[13/Mar/2015:09:25:34 -0700] conn=19 fd=91 slot=91 SSL connection from
AD.Server to FreeIPA.Server
[13/Mar/2015:09:25:34 -0700] conn=19 op=-1 fd=91 closed - Peer reports
incompatible or unsupported protocol version.
--------
So the passwords do not seem to be copied across.
Any idea why this is happening and how to troubleshoot it?
Many Thanks
This might be related to one of the vulnerabilities that was found
last year. Make sure that you have the latest available versions on both
sides. If you have a mismatch then the client might not talk the TLS
version that the server expects or vice versa.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
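
To see which peers are being dropped at the TLS handshake, as in the access-log excerpt quoted above, the connection-open and connection-close entries can be paired by `conn=` id. The following is an added example, not part of the original thread or of FreeIPA; the sample lines are constructed from the excerpt (one entry per line, hosts redacted as in the post), and the `conn=20` entries are a constructed successful session for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: conn=2..15 follow the excerpt in the post, conn=20 is invented.
SAMPLE_LOG = """\
[13/Mar/2015:09:22:02 -0700] conn=2 op=10 RESULT err=32 tag=101 nentries=0 etime=0
[13/Mar/2015:09:23:27 -0700] conn=13 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:27 -0700] conn=13 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:29 -0700] conn=14 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:29 -0700] conn=14 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:23:33 -0700] conn=15 fd=82 slot=82 SSL connection from AD.Server to FreeIPA.Server
[13/Mar/2015:09:23:33 -0700] conn=15 op=-1 fd=82 closed - Peer reports incompatible or unsupported protocol version.
[13/Mar/2015:09:26:00 -0700] conn=20 fd=92 slot=92 SSL connection from Other.Host to FreeIPA.Server
[13/Mar/2015:09:26:01 -0700] conn=20 op=1 UNBIND
[13/Mar/2015:09:26:01 -0700] conn=20 op=1 fd=92 closed - U1
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPEN = re.compile(r"^fd=\d+ slot=\d+ (?P<ssl>SSL )?connection from (?P<peer>\S+) to \S+$")
CLOSE = re.compile(r"^op=-?\d+ fd=\d+ closed - (?P<reason>.+)$")
VERSION_MISMATCH = "Peer reports incompatible or unsupported protocol version."


def tls_version_failures(log_text):
    """Map each peer to the timestamps of connections closed for a TLS version mismatch."""
    peers = {}                      # conn id -> peer seen on the "connection from" entry
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue                # wrapped or unrelated line
        opened = OPEN.match(m["rest"])
        if opened:
            peers[m["conn"]] = opened["peer"]
            continue
        closed = CLOSE.match(m["rest"])
        if closed:
            # The open entry may be missing if the log was rotated mid-connection.
            peer = peers.pop(m["conn"], "<unknown>")
            if closed["reason"] == VERSION_MISMATCH:
                failures[peer].append(m["ts"])
    return dict(failures)


if __name__ == "__main__":
    for peer, stamps in tls_version_failures(SAMPLE_LOG).items():
        print(f"{peer}: {len(stamps)} handshake(s) rejected, first at {stamps[0]}")
```

A peer that appears here on every attempt and never reaches an LDAP operation points at the protocol-version mismatch described in the reply rather than at credentials or replication agreements.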