[389-users] Microsoft Windows Password Sync?

[Rich Megginson]

On 08/24/2011 11:55 PM, Craig T wrote:
> Hi,
>
> Setup:
> Fedora 15 x64
> * 389-admin-1.1.16-1.fc15.x86_64
> * 389-admin-console-1.1.7-2.fc15.noarch
> * 389-admin-console-doc-1.1.7-2.fc15.noarch
> * 389-adminutil-1.1.13-2.fc15.x86_64
> * 389-console-1.1.4-2.fc15.noarch
> * 389-ds-base-1.2.8.3-1.fc15.x86_64
> * 389-ds-base-libs-1.2.8.3-1.fc15.x86_64
> * 389-ds-console-1.2.5-1.fc15.noarch
> * 389-ds-console-doc-1.2.5-1.fc15.noarch
>
> Windows 2008 R2 x64
> * Microsoft Active Directory
> * Windows Password Sync v1.1.4 x64
>
> I'm just attempting to setup 389 Directory Server password sync to Microsoft Active Directory.
> I have managed to get successfull user account (ldap info) sync without passwords, it's just the .msi password sync program that I'm having issues with.
>
> Error from passsync.log:
> 08/25/11 14:46:43: PassSync service initialized
> 08/25/11 14:46:43: PassSync service running
> 08/25/11 14:46:44: Error initializing SSL: err=-8174
> 08/25/11 14:46:44: Ensure that your SSL is setup correctly
> 08/25/11 14:46:58: PassSync service stopped
>
>
> Anyone know how I can add debugging to the windows app? or ideas on what a -8174 error means?
> I thought SSL was setup correctly on the directory server (it certainly responds to a telnet<port 636>, again debugging on the windows side would be ideal.
passsync always tries to use SSL, even before SSL is properly 
configured.  You have to add the directory server's CA cert to the 
passsync cert db.  See 
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Configure_the_Password_Sync_Service
> cya
>
> Craig
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users