Richard Megginson, on 31/10/2007 17.43, wrote:
Dael Maselli wrote:
[...]
You don't need to initialize from B to A if you already did the initialize from A to B."SSL Client Authentication". Here I had a problem! There was a pop-up that told me it can't connect to the other fds server, but I thought it was a bug, because I checked with tcpdump and saw no packet sent (I can see it with simple auth). So I clicked to continue and all seems to work well, even the initialization done from A to B, I didn't do it when I created the Agreement from B to A in the same way.
Yes, I never did it. I only did A->B.
When you did the tcpdump, did you look at traffic on port 389 too, or just 636?
I looked at 389 when I used simple auth with UNencrypted connection, and I saw packets. When I do SSL Auth I specify port 636 for the destination of the agreement, so I didn't look at 389. At 636 no packets. I tried with SSL and 389 hoping in TLS but it didn't work. By the way, in production environment I need to do the 4-way MMR, in the manual I read to do it with the A agreement to B and D, B to A and C, and so on, in a circular manner. I don't like this way due to its split-brain danger and no ollerance to more than 1 server fault, so I first tried connecting all to all, is it wrong? May it be the cause of the CNS disaster? I note you that after this 4-way test i deleted all agreements, replicas and changelogs, maybe there is some "dirty" configuration? Thanks.
------------------------------------------------------------------------ -- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- ___________________________________________________________________ Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214 ___________________________________________________________________ Democracy is two wolves and a lamb voting on what to have for lunch ___________________________________________________________________
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
