steve nguyen
2008-Sep-01 09:09 UTC
[Fedora-directory-users] LDAP Error with sync agreement using ssl
Hi everybody,

I have created two sync agreements in FDS. I've got an error message with the one using ssl : "LDAP error: Can't contact LDAP server. Error Code 81."
The second sync agreement without ssl works.

I think this error should come from a certificate that I've created. To create my certificate on Fedora I've used the second script from the fds wiki.

I want to know another thing : I selected a single master in the replica role column. If I choose multiple master, will the sync happen from both sides : ad and fds ?

ps : excuse me for my bad english.
Groot, Mathijs de (IDT Competence Java)
2008-Sep-02 13:06 UTC
RE: [Fedora-directory-users] LDAP Error with sync agreement using ssl
Hi,

I have / had the same problem.

The first question is, what architecture are you running, a 32-bit or 64-bit version?

I'm working with a Red Hat Directory Server. I've set up the SSL and the certificates a few times now on 64-bit RHEL servers, but it is just not working.

I'm working on it with the Red Hat Support team but haven't got the solution yet.

I've set up a couple of 32-bit servers and they are working fine with the Windows synchronization over SSL.

If more people have the same problem (32-bit vs 64-bit SSL Sync), I would like to hear about it.

And if you are running a 64-bit Red Hat Enterprise 5 server and the Windows Sync over SSL is working fine, I would like to know what version you are running.

Best regards,

Mathijs de Groot
steve nguyen
2008-Sep-02 13:34 UTC
RE: [Fedora-directory-users] LDAP Error with sync agreement using ssl
Hi,

I'm using a 32 bit version.

Thanks
Rich Megginson
2008-Sep-02 15:24 UTC
Re: [Fedora-directory-users] LDAP Error with sync agreement using ssl
steve nguyen wrote:
> Hi everybody,
>
> I have created two sync agreement in FDS. I've got an error message
> with the one using ssl : "LDAP error: Can't contact LDAP server. Error
> Code 81.

You'll have to provide more information, like the CA that issued your AD server cert, and other messages in the DS error log.

> The second sync agreement without ssl works.
>
> I think this error should come from a certificate that I've create.
> To create my certificate on Fedora I've used the second script from
> the fds wiki.
>
> I want to know another thing : I selected a single master in the
> replica role column. If I choose multiple master, will the sync happen
> from both side : ad and fds ?

The setting for single vs. multiple master is not applicable with Windows Sync - it shouldn't matter as long as the DS side is a master. Windows sync is always 2 way.

> ps : escuse me for my bad english.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
Rich Megginson
2008-Sep-02 15:25 UTC
Re: [Fedora-directory-users] LDAP Error with sync agreement using ssl
Groot, Mathijs de (IDT Competence Java) wrote:
> Hi,
>
> I have / had the same problem.
>
> The first question is, what architecture are you running, a 32bit of
> 64bits version?

Windows Sync does not support 64-bit Windows - it should work fine on 64-bit RHEL/Fedora.

> Im working with a Red Hat Directory Server, Ive set up the SSL and the
> certificates for a few times now on 64bit RHEL servers, but it is just
> not working
>
> I’m working on it with the Red Hat Support team but haven’t got the
> solution yet.
>
> Ive set up a couple of 32bits servers and they are working fine with
> the windows synchronization over SSL.

I'm not sure why it would make a difference - 32-bit should work the same as 64-bit.

> If more people have it same problem (32bits vs 64bits SSL Sync), I
> would like to hear from it.
>
> And if you are running a 64bits Red Hat Enterprise 5 server and the
> Windows Sync over SSL is working fine, I would like to know what
> version you are running.
>
> Best regards,
>
> Mathijs de Groot
steve nguyen
2008-Sep-08 13:24 UTC
RE: [Fedora-directory-users] LDAP Error with sync agreement using ssl
OK

So in the passsync log I have this error message :

    Error initializing SSL: err=-8192
    Ensure that your SSL is setup correctly
    Failed to load entries from file
    Ldap bind error in Connect 49: Invalid credentials
    Can not connect to ldap server in SyncPasswords
    Ldap bind error in Connect 81: Can't contact LDAP server
    Ldap bind error in Connect 91: Can't connect to the LDAP server

In the FDS log (replication status) I've got this : "LDAP error: Can't contact LDAP server. Error Code 81."

In AD, I set up SSL using IIS because I had some troubles using certreq. I enter this url http://<servername>/certsrv in my browser and I ask for a user certificate. And I import it in the Trusted Root CA.

After the passsync installation in Windows 2003 Server, I enter this command :

    certutil.exe -d . -N

I export my certs from FDS by doing this :

    pk12util -d . -o dscert.p12 -n Server-Cert

In 2003 Server I put the FDS cert in the passsync installation folder and I export :

    pk12util.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -i dscert.p12

And I give the trusted peer status :

    certutil.exe -d "C:\Program Files\Red Hat Directory Password Synchronization" -M -n Server-Cert -t "P,P,P"

I also do the same for the cascert cert but I give these trust attributes "CT,CT,CT" because it was mentioned in the FDS wiki.

That's all I do to set up SSL. Did you see what I did wrong ?

Thanks
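
Added example, not part of the thread and not FDS or PassSync code: a small decoder for the NSS trust strings passed to `certutil -t` in the message above ("P,P,P" and "CT,CT,CT"), reporting what each means when NSS validates an SSL server certificate. Flag meanings follow the certutil documentation; the nicknames in the sample run are constructed input mirroring the thread.

```python
# Decode NSS certutil trust strings of the form "SSL,email,object-signing".
FLAGS = {
    "p": "valid peer",
    "P": "trusted peer (implies p)",
    "c": "valid CA",
    "C": "trusted CA for issuing server certificates (implies c)",
    "T": "trusted CA for issuing client certificates (implies c)",
    "u": "private key for this certificate is in the database",
    "w": "send warning",
}
USAGES = ("ssl", "email", "object_signing")


def parse_trust(trust):
    """Split a trust string into {usage: set(flags)}; reject malformed input."""
    fields = trust.split(",")
    if len(fields) != 3:
        raise ValueError("expected three comma-separated fields: %r" % trust)
    parsed = {}
    for usage, field in zip(USAGES, fields):
        unknown = set(field) - set(FLAGS)
        if unknown:
            raise ValueError("unknown flag(s) %s in %r" % (sorted(unknown), trust))
        parsed[usage] = set(field)
    return parsed


def ssl_role(trust):
    """Summarise how the entry is treated when validating an SSL server."""
    ssl = parse_trust(trust)["ssl"]
    if "C" in ssl:
        return "trust-anchor"     # server certs chaining to this CA are accepted
    if "P" in ssl:
        return "pinned-peer"      # only this exact certificate is accepted
    if ssl & {"c", "p", "T"}:
        return "valid-untrusted"  # usable in a chain, but not a trust root
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample mirroring the two entries described in the thread.
    for nickname, trust in [("Server-Cert", "P,P,P"), ("CA certificate", "CT,CT,CT")]:
        print("%-15s %-9s -> %s" % (nickname, trust, ssl_role(trust)))
```

Compare the result with the trust column printed by `certutil -L -d <database directory>` on the PassSync host to confirm which entries are trust anchors and which are only pinned peers.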