
Openldap and TLS issue
Hi,

Our environment consists of 3 domain controllers - 1 primary and 2 backup. All domain controllers are running on the Gentoo platform using Samba with Openldap for user login and authentication. One of the backup domain controllers has been acting up lately and will not start Samba properly. A quick look at the log showed:

slapd[22380]: conn=94 op=0 RESULT oid= err=0 text=
slapd[22380]: conn=94 fd=11 closed (TLS negotiation failure)
slapd[22380]: conn=95 fd=11 ACCEPT from IP=127.0.0.1:54158 (IP=0.0.0.0:389)

It seems obvious that the issue is with the certificate. The certificate we are using was created using the primary domain controller and was then copied to both backup domain controllers. If I create a brand new certificate using the backup domain controller having the certificate issue, will that interfere with the certificate on the primary domain controller? Will that cause confusion on the domain? Creating a brand new certificate is the only solution I can think of to fix this issue. I've already re-installed samba, openldap and smbldap-tools twice to no avail.

samba 3.0.32
openldap 2.3.43
smbldap-tools 0.9.4-r1

Thanks in advance.

-Ivan
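One way to narrow down a "TLS negotiation failure" like the one in the log above before generating a new certificate, as an added example that is not code from the original post or from the OpenLDAP or Samba projects: a small sh script built on openssl(1) that checks the copied certificate and key the way an administrator would. The file paths, the hostnames pdc.example.test and bdc1.example.test, and the demo data are constructed; the checks map onto the slapd.conf TLS directives named in the comments (TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile).

```shell
#!/bin/sh
# Added example for this thread, not code from the original post. Offline
# sanity checks for a slapd TLS certificate/key pair that was copied from
# another host, built on openssl(1). File paths and hostnames here are
# constructed for illustration; on a real server take them from slapd.conf
# (TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile).

# check_readable FILE: 0 if FILE exists, is non-empty and readable by the
# current user. Run it as the user slapd drops to; a key that only root can
# read makes every TLS handshake fail at accept time.
check_readable() {
    [ -s "$1" ] && [ -r "$1" ]
}

# check_keypair CERT KEY: 0 if the certificate's public key is the one that
# belongs to KEY. A cert copied between hosts without its matching key is a
# classic cause of "TLS negotiation failure".
check_keypair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_hostname CERT HOST: 0 if HOST is covered by the cert's SAN/CN. A
# cert issued for the primary DC does not name a backup DC, so any client
# that verifies the server name rejects it.
check_hostname() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q ' does match '
}

# check_not_expired CERT: 0 while the certificate is within its validity
# period (-checkend 0 asks "does it expire within 0 seconds?").
check_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# check_chain CA CERT: 0 if CERT verifies against the CA bundle the other
# hosts trust (their TLSCACertificateFile).
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# probe_starttls HOST PORT: show the handshake a client sees against a live
# slapd (-starttls ldap needs OpenSSL 1.1.1+). Not used by the demo below.
probe_starttls() {
    openssl s_client -connect "$1:$2" -starttls ldap -brief </dev/null
}

# make_sample_pair DIR HOST: constructed test data only. Writes a one-day
# self-signed cert/key for HOST into DIR.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
}

# report CERT KEY HOST: run each check and print one ok/FAIL line per check.
report() {
    for c in "check_readable $1" "check_readable $2" "check_keypair $1 $2" \
             "check_hostname $1 $3" "check_not_expired $1"; do
        if $c; then echo "ok   $c"; else echo "FAIL $c"; fi
    done
}

# Demo on constructed data: a cert made for the primary DC, checked under the
# backup DC's name, passes everything except the hostname check.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_pair "$d" pdc.example.test
    report "$d/cert.pem" "$d/key.pem" bdc1.example.test
    rm -rf "$d"
}

demo
```

Run `report` with the real paths from slapd.conf while logged in as the slapd user, since file permissions are checked from the caller's point of view. Whether a new certificate on one backup disturbs the primary depends on what the clients trust: when every host verifies against the same CA (TLSCACertificateFile), each host can carry its own per-hostname certificate signed by that CA without affecting the others.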