[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-directory-users
Subject: Re: [Fedora-directory-users] Can't locate CSN in Multi-Master replica
From: Richard Megginson <rmeggins () redhat ! com>
Date: 2007-10-31 19:20:45
Message-ID: 4728D58D.2050807 () redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Dael Maselli wrote:
>
> Richard Megginson, on 31/10/2007 17.43, wrote:
>> Dael Maselli wrote:
> [...]
>>> "SSL Client Authentication". Here I had a problem! There was a
>>> pop-up that told me
>>> it can't connect to the other fds server, but I thought it was a
>>> bug, because I checked
>>> with tcpdump and saw no packet sent (I can see it with simple auth).
>>> So I clicked to
>>> continue and all seems to work well, even the initialization done
>>> from A to B, I didn't
>>> do it when I created the Agreement from B to A in the same way.
>> You don't need to initialize from B to A if you already did the
>> initialize from A to B.
>
> Yes, I never did it. I only did A->B.
>
>>
>> When you did the tcpdump, did you look at traffic on port 389 too, or
>> just 636?
>
> I looked at 389 when I used simple auth with UNencrypted connection,
> and I saw packets. When I do SSL Auth I specify port 636 for the
> destination
> of the agreement, so I didn't look at 389. At 636 no packets.
>
> I tried with SSL and 389 hoping in TLS but it didn't work.
I suggest turning up the error log level to the replication log, then
attempt to initialize B from A. You may have to enable replication
logging on both A and B - see
http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>
> By the way, in production environment I need to do the 4-way MMR, in the
> manual I read to do it with the A agreement to B and D, B to A and C,
> and so
> on, in a circular manner. I don't like this way due to its split-brain
> danger
> and no ollerance to more than 1 server fault, so I first tried
> connecting all
> to all, is it wrong?
No.
> May it be the cause of the CNS disaster?
I don't think so.
>
> I note you that after this 4-way test i deleted all agreements,
> replicas and
> changelogs, maybe there is some "dirty" configuration?
Ah, yes, that could be. Can you start over again from scratch?
>
> Thanks.
>
>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
["smime.p7s" (application/x-pkcs7-signature)]
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic