Looking at the debug log, it is expired. It puzzles me because the certs on the other two machines are working correctly. Since this is the case (certificate expires), is it safe to create a new one for this machine?

Gavin Henry wrote:
> ----- "Ivan Ordonez" <iordonez@nature.berkeley.edu> wrote:
>> Hi,
>>
>> Our environment consists of 3 domain controllers - 1 primary and 2 backup. All domain controllers are running on the Gentoo platform using Samba with OpenLDAP for user login and authentication. One of the backup domain controllers has been acting up lately and will not start Samba properly. A quick look at the log showed:
>>
>> slapd[22380]: conn=94 op=0 RESULT oid= err=0 text=
>> slapd[22380]: conn=94 fd=11 closed (TLS negotiation failure)
>> slapd[22380]: conn=95 fd=11 ACCEPT from IP=127.0.0.1:54158 (IP=0.0.0.0:389)
>>
>> It seems obvious that the issue is with the certificate. The certificate we are using was created using the primary domain controller and was then copied to both backup domain controllers. If I create a brand new certificate using the backup domain controller having the certificate issue, will that interfere with the certificate on the primary domain controller? Will that cause confusion on the domain? Creating a brand new certificate is the only solution I can think of to fix this issue.
>
> http://www.openldap.org/faq/data/cache/185.html
>
> Has one of your certs expired? By default OpenSSL scripts do 365 days.
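
An added example, not part of the thread: a small triage script that pairs each slapd `ACCEPT` line with the matching `closed (TLS negotiation failure)` line by connection id, so you can see which clients are failing the handshake. The sample log is constructed in the format quoted above; the function name, connection ids, ports and the 192.0.2.10 address are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the slapd log format quoted in the thread
# (connection ids, ports and the 192.0.2.10 address are made up).
SAMPLE_LOG = """\
slapd[22380]: conn=93 fd=11 ACCEPT from IP=127.0.0.1:54150 (IP=0.0.0.0:389)
slapd[22380]: conn=93 op=0 RESULT oid= err=0 text=
slapd[22380]: conn=93 fd=11 closed (TLS negotiation failure)
slapd[22380]: conn=94 fd=11 ACCEPT from IP=127.0.0.1:54154 (IP=0.0.0.0:389)
slapd[22380]: conn=94 op=0 RESULT oid= err=0 text=
slapd[22380]: conn=94 fd=11 closed (TLS negotiation failure)
slapd[22380]: conn=95 fd=12 ACCEPT from IP=192.0.2.10:40112 (IP=0.0.0.0:389)
slapd[22380]: conn=95 fd=12 closed
"""

# Peer address is either a bare IPv4 address or a bracketed IPv6 address.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[^:\s]+):\d+")
# The reason in parentheses is optional; a clean close has none.
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed(?: \((.*)\))?")


def tls_failures_by_peer(log_text):
    """Count connections closed with 'TLS negotiation failure' per client IP."""
    peer_of = {}          # connection id -> client address from ACCEPT
    failures = Counter()
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            peer_of[m.group(1)] = m.group(2)
            continue
        m = CLOSED.search(line)
        if m:
            # slapd reuses connection ids only after close, so drop the entry.
            peer = peer_of.pop(m.group(1), "unknown")
            if m.group(2) == "TLS negotiation failure":
                failures[peer] += 1
    return dict(failures)


if __name__ == "__main__":
    for peer, count in tls_failures_by_peer(SAMPLE_LOG).items():
        print(f"{peer}: {count} TLS negotiation failure(s)")
```

Failures coming only from 127.0.0.1 point at a local client of slapd on that host, which narrows where to check the certificate dates.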