On Sat, 2017-03-11 at 13:39 +1300, Andrew Bartlett via samba wrote:
> On Fri, 2017-03-10 at 16:17 -0600, Mircea Husz via samba wrote:
> > 
> > Hello,
> > 
> > I just configured a three-site DCs setup with Samba 4.6.0, and
> > replication worked great.
> > But then I added a custom cert to one of the DCs to authenticate
> > various apps against it. I used this wiki
> > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
> > 
> > Now I can authenticate my apps over LDAPS against my DC, but broke
> > replication.
> > 
> > How do I need to configure replication to work with a self-signed
> > cert?
> 
> The two are not related - replication is not over LDAP or LDAPS, but
> instead it is done with DRSUAPI over DCE/RPC.
> 
I created a user and it got replicated, so replication works indeed.
I guess that only 'samba-tool drs showrepl' breaks:
Failed to connect to ldap URL 'ldap://ch1-ad-v01.ad.corp.com' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
Failed to connect to 'ldap://ch1-ad-v01.ad.corp.com' with backend 'ldap': LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
ERROR(ldb): LDAP connection to ch1-ad-v01.ad.corp.com failed - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 50, in samdb_connect
    credentials=ctx.creds, lp=ctx.lp)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/samdb.py", line 72, in connect
    options=options)

Thanks,
-Mike