
Re: [Samba] Replication with a self-signed certificate




On Sat, 2017-03-11 at 14:54 -0600, Mircea Husz wrote:
> On Sat, 2017-03-11 at 13:39 +1300, Andrew Bartlett via samba wrote:
> > On Fri, 2017-03-10 at 16:17 -0600, Mircea Husz via samba wrote:
> > > 
> > > Hello,
> > > 
> > > I just configured a three-site DCs setup with Samba 4.6.0, and
> > > replication worked great.
> > > But then I added a custom cert to one of the DCs to authenticate
> > > various apps against it. I used this wiki
> > > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
> > > 
> > > Now I can authenticate my apps over LDAPS against my DC, but broke
> > > replication.
> > > 
> > > How do I need to configure replication to work with a self-signed
> > > cert?
> > 
> > The two are not related - replication is not over LDAP or LDAPS, but
> > instead it is done with DRSUAPI over DCE/RPC.
> > 
> 
> I created a user and it got replicated, so replication works indeed.
> 
> I guess that only 'samba-tool drs showrepl' breaks:
> Failed to connect to ldap URL 'ldap://ch1-ad-v01.ad.corp.com' - LDAP
> client internal error: NT_STATUS_CONNECTION_REFUSED

This indicates that you have blocked ldap with a firewall, or Samba
isn't (fully) running.  Perhaps the LDAP server shut itself down due to
having the wrong permissions on the key files?  

Check the logs.

Thanks,

Andrew Bartlett
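
The two causes suggested in the reply above (LDAP port unreachable, or the LDAP service not starting because of key-file permissions) can be checked directly on the DC. This is an added example, not part of the original thread or of Samba itself; the function names and the arguments in the usage line are hypothetical, and it assumes GNU `stat`, `timeout` and bash, and that the key should be mode 0600 owned by the uid samba runs as (root by default).

```shell
#!/bin/bash
# Added example: two checks for the causes suggested in the reply above.
# Function names and the paths passed in are hypothetical.

# check_tls_key FILE [UID]: succeed only if FILE is a regular file with
# mode 0600 owned by UID (default 0, i.e. samba running as root).
check_tls_key() {
    key=$1
    want_uid=${2:-0}
    if [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$key")    # GNU stat: octal mode, e.g. 600
    owner=$(stat -c '%u' "$key")   # numeric owner uid
    if [ "$mode" != "600" ] || [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $key has mode $mode uid $owner, want mode 600 uid $want_uid"
        return 1
    fi
    echo "OK: $key has mode 600 uid $owner"
}

# ldap_port_open HOST [PORT]: succeed if a TCP connect completes within 3s.
ldap_port_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "${2:-389}" 2>/dev/null
}

# diagnose KEYFILE HOST: run both checks and report each result.
diagnose() {
    rc=0
    check_tls_key "$1" || rc=1
    if ldap_port_open "$2" 389; then
        echo "OK: $2:389 accepts connections"
    else
        echo "FAIL: $2:389 refused or filtered; check firewall and samba logs"
        rc=1
    fi
    return $rc
}

# Usage: ./check.sh /path/to/tls/key.pem dc-hostname
if [ "$#" -ge 2 ]; then
    diagnose "$1" "$2"
fi
```

A failing key check combined with a refused connection on port 389 points at the LDAP service rather than the firewall.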

