Tr: RE: RE [Samba] TLS connections between Samba&OpenLDAP

Bahya NASSR EDDINE bahya_nassr at yahoo.fr
Wed Jul 27 09:53:17 GMT 2005


I think I guess what the error is.
I've configured slapd to require a valid certificate
for all TLS incoming sessions. However, I didn't
create a ertificate for OpenLDAP client. I am going to
do so.

--- Bahya NASSR EDDINE <bahya_nassr at yahoo.fr> a écrit
:

> Date: Wed, 27 Jul 2005 11:46:50 +0200 (CEST)
> De: Bahya NASSR EDDINE <bahya_nassr at yahoo.fr>
> Objet: RE: RE [Samba] TLS connections between
> Samba&OpenLDAP
> À: spu at corman.be, samba at lists.samba.org,
> openldap-software at OpenLDAP.org
> 
> 
> > Have you set :
> > 
> > TLS_CACERT ldap.conf of openldap (not
> > /etc/ldap.conf)
> Now that I set TLS_CACERT to ca.pem file path in the
> appropriate ldap.conf, my slapd server returns (when
> I
> try to start smb services):
>  
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5
>   0000:  16 03 01 00 07                             
>  
>      .....
> tls_read: want=7, got=7
>   0000:  0b 00 00 03 00 00 00                       
>  
>      .......
> tls_write: want=7, written=7
>   0000:  15 03 01 00 02 02 28                       
>  
>      ......(
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client
> certificate B
> TLS trace: SSL_accept:error in SSLv3 read client
> certificate B
> TLS: can't accept.
> TLS: error:140890C7:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> return a certificate s3_srvr.c:1993
> 
> 
> Any idea please?
> 
> 
> 
> 	
> 
> 	
> 		
>
___________________________________________________________________________
> 
> Appel audio GRATUIT partout dans le monde avec le
> nouveau Yahoo! Messenger 
> Téléchargez cette version sur
> http://fr.messenger.yahoo.com
> 



	

	
		
___________________________________________________________________________ 
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger 
Téléchargez cette version sur http://fr.messenger.yahoo.com


More information about the samba mailing list