[Samba] Replication with a self-signed certificate
Mircea Husz
mirceahusz at yahoo.com
Mon Mar 13 13:19:23 UTC 2017
On Mon, 2017-03-13 at 09:50 +1300, Andrew Bartlett via samba wrote:
> On Sat, 2017-03-11 at 14:54 -0600, Mircea Husz wrote:
> >
> > On Sat, 2017-03-11 at 13:39 +1300, Andrew Bartlett via samba wrote:
> > >
> > > On Fri, 2017-03-10 at 16:17 -0600, Mircea Husz via samba wrote:
> > > >
> > > >
> > > > Hello,
> > > >
> > > > I just configured a three-site DCs setup with Samba 4.6.0, and
> > > > replication worked great.
> > > > But then I added a custom cert to one of the DCs to
> > > > authenticate
> > > > various apps against it. I used this wiki https://wiki.samba.or
> > > > g/
> > > > in
> > > > de
> > > > x.
> > > > php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
> > > >
> > > > Now I can authenticate my apps over LDAPS against my DC, but
> > > > broke
> > > > replication.
> > > >
> > > > How do I need to configure replication to work with a self-
> > > > signed
> > > > cert?
> > >
> > > The two are not related - replication is not over LDAP or LDAPS,
> > > but
> > > instead it is done with DRSUAPI over DCE/RPC.
> > >
> >
> > I created a user and it got replicated, so replication works
> > indeed.
> >
> > I guess that only 'samba-tool drs showrepl' breaks:
> > Failed to connect to ldap URL 'ldap://ch1-ad-v01.ad.corp.com' -
> > LDAP
> > client internal error: NT_STATUS_CONNECTION_REFUSED
>
> This indicates that you have blocked ldap with a firewall, or Samba
> isn't (fully) running. Perhaps the LDAP server shut itself down due
> to
> having the wrong permissions on the key files?
>
> Check the logs.
>
That was it, the permission on the key was too wide.
Thank you.
-Mike
More information about the samba
mailing list