RE [Samba] TLS connections between Samba&OpenLDAP
spu at corman.be
spu at corman.be
Wed Jul 27 09:05:12 GMT 2005
Have you set :
TLS_CACERT ldap.conf of openldap (not /etc/ldap.conf)
The common name in certificat, is it a host name resolvable ?
-----------------------------------
Stéphane PURNELLE stephane.purnelle at corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur
27/07/2005 11:02:58 :
> Goos morning all,
>
> I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0
> directory. I then enabled TLS between Samba and
> OpenLDAP.
>
> The following tests succeeded:
> s_server to s_client --> OK
> slapd to s_client --> OK
> slapd to OPenLDAP client commands (ldapsearch..)
> --> OK
>
> The problem is the following: when I start Samba
> (service smb start), slapd output returns:
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5
> 0000: 15 03 01 00 02
> .....
> tls_read: want=2, got=2
> 0000: 02 30
> .0
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client
> certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:1052
> connection_read(14): TLS accept error error=-1 id=2,
> closing
> connection_closing: readying conn=2 sd=14 for close
>
>
> May anyone tell me what is going wrong?
>
> Thank you
>
>
>
>
>
>
>
___________________________________________________________________________
> Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo!
Messenger
> Téléchargez cette version sur http://fr.messenger.yahoo.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list