[Samba] Second DC won't start LDAP daemon

Andrea Venturoli ml at netfence.it
Mon May 15 16:58:38 UTC 2017


On 05/08/17 11:17, Andrea Venturoli wrote:
> Hello.
> 
> I've got a network of FreeBSD servers which traditionally hosted a 
> classic domain.
> I upgraded some months ago, removing the old PDC and BDC and migrating 
> to an AD DC controller in a jail.
> This is working fine with Samba 4.4.13.
> 
> Now I'm trying to add a second DC, so I created a new jail on another 
> physical server and went on with the setup, following:
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory 

After spending several hours trying to sort this out, I found that the 
ldap task will work (and bind to port 389) if I put "tls enabled=no" in 
the config file.

With "tls enabled=yes" (or nothing, since it's the default) I get:
"Child 24011 (ldap) terminated with signal 4"

I tried generating a self-signed certificate as per:
> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC

Unfortunately, the only effect is that "Attempting to autogenerate TLS 
self-signed keys for https for hostname 'XXX.xxxxx.xxxxxxxx.xx'" changes 
to "TLS autogeneration skipped - some TLS files already exist".
Then I get the same error as above.


Any suggestions?
TIA.

  bye
	av.


