On Mon, Aug 29, 2016 at 3:18 PM, Juan Carlos Camargo <juancarlos@eprinsa.es> wrote:
Hi, 389ds'ers,

I have two 2012 r2 domain controllers with passsync 1.6 x64 installed. They're both targeting 389-ds-base- . They're working flawlessly.
I dont know if it's been a software update or a change in the domain settings. Thing is today, one of the controllers has stopped sync'ing. Whenever I change one password in that controller, the following message is logged in passsync.log:

08/29/16 11:30:07: Password list has 1 entries
08/29/16 11:30:07: Attempting to sync password for juankar
08/29/16 11:30:07: Searching for (ntuserdomainid=juankar)
08/29/16 11:30:07: Checking password failed for remote entry: uid=juankar,ou=xxx....
08/29/16 11:30:07: Deferring password change for juankar

and in the server access log I get ldap bind err=53 when the passsync user tries to check the password:

[29/Aug/2016:11:30:07 +0200] conn=276 fd=67 slot=67 SSL connection from xxxx
[29/Aug/2016:11:30:07 +0200] conn=276 TLS1.2 128-bit AES
[29/Aug/2016:11:30:07 +0200] conn=276 op=0 BIND dn="uid=juankar,ou=xxx...." method=128 version=3
[29/Aug/2016:11:30:07 +0200] conn=276 op=0 RESULT err=53 tag=97 nentries=0 etime=0
[29/Aug/2016:11:30:07 +0200] conn=276 op=1 UNBIND

It looks like BIND failed for that user, Can you use ldp.exe in windows to connect to RHDS server & check.

Run ldp.exe
Connection > Connect
Enter the rhds server hostname in the server field
Enter port 636 in the port field
Check the SSL box
Click OK

Connection > Bind
Select the 'simple bind' radio button
Enter the DN uid=juankar,ou=xxx
Enter the password for the passsync account in the password field
Click OK

[29/Aug/2016:11:30:07 +0200] conn=276 op=1 fd=67 closed - U1
[29/Aug/2016:11:30:07 +0200] conn=275 op=2 UNBIND

Any hints? Could be a problem with certificates? They're both using the same CA (windows CA Cert serv is installed in one of the DCs)


389-users mailing list

Thanks & Regards
Arpit Tolani