On 08/29/2016 02:48 AM, Juan Carlos Camargo wrote:
I have two 2012 r2 domain controllers with passsync 1.6 x64 installed.
They're both targeting 389-ds-base-126.96.36.199-1.fc22.x86_64 . They're
I dont know if it's been a software update or a change in the domain
settings. Thing is today, one of the controllers has stopped sync'ing.
there be a certificate issue? Did you have any chance to check
the cert with the tool certutil?
Also, if you could try binding as the user "uid=juankar,ou=xxx...."
using an ldap command over SSL, you may be able to get more info, e.g.,
returned from the server.
Whenever I change one password in that controller, the following
message is logged in passsync.log:
08/29/16 11:30:07: Password list has 1 entries
08/29/16 11:30:07: Attempting to sync password for juankar
08/29/16 11:30:07: Searching for (ntuserdomainid=juankar)
08/29/16 11:30:07: Checking password failed for remote entry:
08/29/16 11:30:07: Deferring password change for juankar
and in the server access log I get ldap bind err=53 when the passsync
user tries to check the password:
[29/Aug/2016:11:30:07 +0200] conn=276 fd=67 slot=67 SSL connection
[29/Aug/2016:11:30:07 +0200] conn=276 TLS1.2 128-bit AES
[29/Aug/2016:11:30:07 +0200] conn=276 op=0 BIND
dn="uid=juankar,ou=xxx...." method=128 version=3
[29/Aug/2016:11:30:07 +0200] conn=276 op=0 RESULT err=53 tag=97
[29/Aug/2016:11:30:07 +0200] conn=276 op=1 UNBIND
[29/Aug/2016:11:30:07 +0200] conn=276 op=1 fd=67 closed - U1
[29/Aug/2016:11:30:07 +0200] conn=275 op=2 UNBIND
Any hints? Could be a problem with certificates? They're both using
the same CA (windows CA Cert serv is installed in one of the DCs)
389-users mailing list