Re: [Samba] Replication with a self-signed certificate
- Date: Mon, 13 Mar 2017 09:50:33 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Replication with a self-signed certificate
On Sat, 2017-03-11 at 14:54 -0600, Mircea Husz wrote:
> On Sat, 2017-03-11 at 13:39 +1300, Andrew Bartlett via samba wrote:
> > On Fri, 2017-03-10 at 16:17 -0600, Mircea Husz via samba wrote:
> > >
> > > Hello,
> > >
> > > I just configured a three-site DCs setup with Samba 4.6.0, and
> > > replication worked great.
> > > But then I added a custom cert to one of the DCs to authenticate
> > > various apps against it. I used this wiki
> > > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
> > >
> > > Now I can authenticate my apps over LDAPS against my DC, but broke
> > > replication.
> > >
> > > How do I need to configure replication to work with a self-signed
> > > cert?
> > The two are not related - replication is not over LDAP or LDAPS, but
> > instead it is done with DRSUAPI over DCE/RPC.
> I created a user and it got replicated, so replication works indeed.
> I guess that only 'samba-tool drs showrepl' breaks:
> Failed to connect to ldap URL 'ldap://ch1-ad-v01.ad.corp.com' - LDAP
> client internal error: NT_STATUS_CONNECTION_REFUSED
This indicates that you have blocked ldap with a firewall, or Samba
isn't (fully) running. Perhaps the LDAP server shut itself down due to
having the wrong permissions on the key files?
Check the logs.
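
Added example, not part of the original message or of Samba's own code: a small triage helper for the causes named above (firewall, LDAP service not listening, wrong permissions on the TLS key file). The function names are hypothetical, the key path is supplied by the caller (the file your `tls keyfile` setting points to), and the 0600 check reflects the mode Samba expects on that file.

```python
import errno
import os
import socket
import stat


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP connect attempt: 'open', 'refused', 'filtered' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # RST came back: nothing is listening, or a firewall REJECT rule answered.
        return "refused"
    except socket.timeout:
        # No answer at all: typical of a firewall DROP rule.
        return "filtered"
    except OSError as exc:
        return "error: " + errno.errorcode.get(exc.errno, str(exc))


def key_file_problems(path, expected_uid=None):
    """Return a list of permission problems for a TLS private key file."""
    if expected_uid is None:
        expected_uid = os.geteuid()
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        problems.append("mode is %04o, expected 0600" % mode)
    if st.st_uid != expected_uid:
        problems.append("owner uid is %d, expected %d" % (st.st_uid, expected_uid))
    return problems


if __name__ == "__main__":
    import sys
    # Usage: script.py <dc-hostname> <path-to-tls-key-file>
    host, key = sys.argv[1], sys.argv[2]
    for port in (389, 636):  # LDAP and LDAPS
        print("%s:%d -> %s" % (host, port, probe_tcp(host, port)))
    for problem in key_file_problems(key, expected_uid=0):  # assumes samba runs as root
        print("key file:", problem)
```

A "refused" result on 389 together with a key file problem points at the LDAP service having stopped; "filtered" points at a packet filter between the hosts.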