Dael Maselli wrote: > > Richard Megginson, on 31/10/2007 17.43, wrote: >> Dael Maselli wrote: > [...] >>> "SSL Client Authentication". Here I had a problem! There was a >>> pop-up that told me >>> it can't connect to the other fds server, but I thought it was a >>> bug, because I checked >>> with tcpdump and saw no packet sent (I can see it with simple auth). >>> So I clicked to >>> continue and all seems to work well, even the initialization done >>> from A to B, I didn't >>> do it when I created the Agreement from B to A in the same way. >> You don't need to initialize from B to A if you already did the >> initialize from A to B. > > Yes, I never did it. I only did A->B. > >> >> When you did the tcpdump, did you look at traffic on port 389 too, or >> just 636? > > I looked at 389 when I used simple auth with UNencrypted connection, > and I saw packets. When I do SSL Auth I specify port 636 for the > destination > of the agreement, so I didn't look at 389. At 636 no packets. > > I tried with SSL and 389 hoping in TLS but it didn't work. I suggest turning up the error log level to the replication log, then attempt to initialize B from A. You may have to enable replication logging on both A and B - see http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting > > By the way, in production environment I need to do the 4-way MMR, in the > manual I read to do it with the A agreement to B and D, B to A and C, > and so > on, in a circular manner. I don't like this way due to its split-brain > danger > and no ollerance to more than 1 server fault, so I first tried > connecting all > to all, is it wrong? No. > May it be the cause of the CNS disaster? I don't think so. > > I note you that after this 4-way test i deleted all agreements, > replicas and > changelogs, maybe there is some "dirty" configuration? Ah, yes, that could be. Can you start over again from scratch? > > Thanks. > > >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20071031/e4829c76/attachment.bin
