On 08/24/2011 11:55 PM, Craig T wrote: > Hi, > > Setup: > Fedora 15 x64 > * 389-admin-1.1.16-1.fc15.x86_64 > * 389-admin-console-1.1.7-2.fc15.noarch > * 389-admin-console-doc-1.1.7-2.fc15.noarch > * 389-adminutil-1.1.13-2.fc15.x86_64 > * 389-console-1.1.4-2.fc15.noarch > * 389-ds-base-1.2.8.3-1.fc15.x86_64 > * 389-ds-base-libs-1.2.8.3-1.fc15.x86_64 > * 389-ds-console-1.2.5-1.fc15.noarch > * 389-ds-console-doc-1.2.5-1.fc15.noarch > > Windows 2008 R2 x64 > * Microsoft Active Directory > * Windows Password Sync v1.1.4 x64 > > I'm just attempting to setup 389 Directory Server password sync to Microsoft Active Directory. > I have managed to get successfull user account (ldap info) sync without passwords, it's just the .msi password sync program that I'm having issues with. > > Error from passsync.log: > 08/25/11 14:46:43: PassSync service initialized > 08/25/11 14:46:43: PassSync service running > 08/25/11 14:46:44: Error initializing SSL: err=-8174 > 08/25/11 14:46:44: Ensure that your SSL is setup correctly > 08/25/11 14:46:58: PassSync service stopped > > > Anyone know how I can add debugging to the windows app? or ideas on what a -8174 error means? > I thought SSL was setup correctly on the directory server (it certainly responds to a telnet<port 636>, again debugging on the windows side would be ideal. passsync always tries to use SSL, even before SSL is properly configured. You have to add the directory server's CA cert to the passsync cert db. See http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Configuring_Windows_Sync-Configure_the_Password_Sync_Service > cya > > Craig > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
