Dael Maselli wrote:
I suggest turning up the error log level to the replication log, then attempt to initialize B from A. You may have to enable replication logging on both A and B - see http://directory.fedoraproject.org/wiki/FAQ#TroubleshootingRichard Megginson, on 31/10/2007 17.43, wrote:Dael Maselli wrote:[...]"SSL Client Authentication". Here I had a problem! There was a pop-up that told me it can't connect to the other fds server, but I thought it was a bug, because I checked with tcpdump and saw no packet sent (I can see it with simple auth). So I clicked to continue and all seems to work well, even the initialization done from A to B, I didn'tYou don't need to initialize from B to A if you already did the initialize from A to B.do it when I created the Agreement from B to A in the same way.Yes, I never did it. I only did A->B.When you did the tcpdump, did you look at traffic on port 389 too, or just 636?I looked at 389 when I used simple auth with UNencrypted connection,and I saw packets. When I do SSL Auth I specify port 636 for the destinationof the agreement, so I didn't look at 389. At 636 no packets. I tried with SSL and 389 hoping in TLS but it didn't work.
By the way, in production environment I need to do the 4-way MMR, in themanual I read to do it with the A agreement to B and D, B to A and C, and so on, in a circular manner. I don't like this way due to its split-brain danger and no ollerance to more than 1 server fault, so I first tried connecting allto all, is it wrong?
No.
May it be the cause of the CNS disaster?
I don't think so.
I note you that after this 4-way test i deleted all agreements, replicas andchangelogs, maybe there is some "dirty" configuration?
Ah, yes, that could be. Can you start over again from scratch?
Thanks.------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
