[Samba] Replication with a self-signed certificate

Andrew Bartlett abartlet at samba.org
Sun Mar 12 20:50:33 UTC 2017


On Sat, 2017-03-11 at 14:54 -0600, Mircea Husz wrote:
> On Sat, 2017-03-11 at 13:39 +1300, Andrew Bartlett via samba wrote:
> > On Fri, 2017-03-10 at 16:17 -0600, Mircea Husz via samba wrote:
> > > 
> > > Hello,
> > > 
> > > I just configured a three-site DCs setup with Samba 4.6.0, and
> > > replication worked great.
> > > But then I added a custom cert to one of the DCs to authenticate
> > > various apps against it. I used this wiki
> > > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
> > > 
> > > Now I can authenticate my apps over LDAPS against my DC, but
> > > broke
> > > replication.
> > > 
> > > How do I need to configure replication to work with a self-signed
> > > cert?
> > 
> > The two are not related - replication is not over LDAP or LDAPS,
> > but
> > instead it is done with DRSUAPI over DCE/RPC.
> > 
> 
> I created a user and it got replicated, so replication works indeed.
> 
> I guess that only 'samba-tool drs showrepl' breaks:
> Failed to connect to ldap URL 'ldap://ch1-ad-v01.ad.corp.com' - LDAP
> client internal error: NT_STATUS_CONNECTION_REFUSED

This indicates that you have blocked ldap with a firewall, or Samba
isn't (fully) running.  Perhaps the LDAP server shut itself down due to
having the wrong permissions on the key files?

Check the logs.

Thanks,

Andrew Bartlett
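The triage Andrew describes (is the DC's LDAP port actually reachable, and are the certificate key files readable only by root so the LDAP server does not refuse to start) can be scripted. The following is an added example, not code from the thread or from the Samba project: it parses the `samba-tool drs showrepl` error line quoted above, checks TCP reachability of the LDAP port, and checks a key file's mode and owner. The expectation that the key is root-owned with no group/other access is an assumption taken from the usual hardening advice for private keys, and the helper names are my own.

```python
"""Added example (not from the thread or Samba): triage helpers for a
'samba-tool drs showrepl' LDAP connection failure."""
import os
import re
import socket
import stat
import tempfile
from urllib.parse import urlsplit

# Error line as quoted in the thread (joined onto one line here).
SAMPLE_ERROR = ("Failed to connect to ldap URL 'ldap://ch1-ad-v01.ad.corp.com' "
                "- LDAP client internal error: NT_STATUS_CONNECTION_REFUSED")

_SHOWREPL_ERR = re.compile(
    r"Failed to connect to ldap URL '(?P<url>[^']+)'.*?(?P<status>NT_STATUS_[A-Z_]+)")


def parse_showrepl_error(line):
    """Extract host, port and NT_STATUS code from a showrepl failure line.
    Returns None if the line is not such an error."""
    m = _SHOWREPL_ERR.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    default_port = 636 if parts.scheme == "ldaps" else 389
    return {"host": parts.hostname,
            "port": parts.port or default_port,
            "status": m.group("status")}


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (a closed or
    firewalled port gives False, which matches NT_STATUS_CONNECTION_REFUSED)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_key_file(path, expected_uid=0):
    """Return a list of findings for a TLS private key file: it must exist,
    be owned by expected_uid (root by default, assumption) and have no
    group/other permission bits."""
    findings = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: %s" % path]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access on %s (mode %o)" % (path, mode))
    if st.st_uid != expected_uid:
        findings.append("owner uid %d is not %d on %s" % (st.st_uid, expected_uid, path))
    return findings


def triage(line, connect=tcp_reachable):
    """Map the quoted error to the two causes named in the reply: port not
    reachable (firewall / Samba not running) vs. something else."""
    info = parse_showrepl_error(line)
    if info is None:
        return "not a showrepl connection error"
    if info["status"] == "NT_STATUS_CONNECTION_REFUSED" and not connect(info["host"], info["port"]):
        return ("%s:%d not reachable: check firewall, whether samba is running, "
                "and key file permissions in the logs" % (info["host"], info["port"]))
    return "%s reachable; status %s needs a look at the logs" % (info["host"], info["status"])


def demo_key_check(mode):
    """Constructed key file in a temp dir with the given mode, owned by the
    current user, checked against that user's uid."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "key.pem")
        with open(path, "w") as f:
            f.write("-- constructed placeholder, not a real key --\n")
        os.chmod(path, mode)
        return check_key_file(path, expected_uid=os.getuid())


def demo_port_check():
    """Open a loopback listener on an ephemeral port and confirm it is seen
    as reachable; returns (reachable_while_open, reachable_after_close)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    up = tcp_reachable("127.0.0.1", port, timeout=1.0)
    srv.close()
    down = tcp_reachable("127.0.0.1", port, timeout=1.0)
    return up, down


if __name__ == "__main__":
    print(parse_showrepl_error(SAMPLE_ERROR))
    print(triage(SAMPLE_ERROR))
    print(demo_key_check(0o644), demo_key_check(0o600))
```

Run `triage()` on the DC that reports the error; a world-readable key shows up in `check_key_file()` as a mode finding, which is the case to look for in the Samba log when the LDAP server refused to start.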
