Using smbclient to access an SSL enabled Samba Daemon.
grant
grant at conprojan.com.au
Mon Dec 11 03:52:41 GMT 2000
I am attempting to connect to an SSL enabled Samba Daemon. Although it
does connect as anonymous, I am concerned about the "Cert" error. I have
pasted the output of an smbclient session and I have included the
smb.conf.
(1) Does this mean the session is not being encrypted?
(2) How can I change my setup so I do not receive the error message?
----- error message -----
[root at test]# smbclient //test/configuration
added interface ip=192.168.1.4 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 127.0.0.1 ( 192.168.1.4 )
SSL: Cert error: unknown error 18 in
/C=AU/ST=Queensland/L=Brisbane/O=Rawlinsons Group Pty Ltd/OU=Quantity
Surveyors/CN=Harry Carrick/Email=info at rawlinsons.com.au
SSL: negotiated cipher: DES-CBC3-SHA
Password:
Anonymous login successful
Domain=[RAWLINSONS] OS=[Unix] Server=[Samba 2.0.7]
smb: \>
----- smb.conf -----
[global]
ssl = yes
ssl server cert = /usr/local/ssl/certs/new.cert.cert
ssl server key = /usr/local/ssl/certs/new.cert.key
ssl CA certdir = /usr/local/ssl/certs
workgroup = RAWLINSONS
netbios name = TEST
server string = Test SSL Samba Server %v
create mask = 0770
directory mask = 0770
hosts allow = 192.168.1. 127.
log file = /var/log/samba/log.%m
max log size = 50
security = user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
password level = 6
encrypt passwords = yes
domain master = no
local master = no
preferred master = no
os level = 64
domain logons = no
dns proxy = no
load printers = no
name resolve order = wins lmhosts hosts bcast
#============================ Share Definitions
==============================
[homes]
comment = %S's H: drive
browseable = no
writable = yes
path = %H
create mode = 0600
directory mode = 0700
browsable = no
valid users = %S
available = yes
public = no
only user = no
[Configuration]
path = /etc
printable = no
public = yes
comment = /etc
Thankyou.
More information about the samba
mailing list