Using smbclient to access an SSL enabled Samba Daemon.

grant grant at conprojan.com.au
Mon Dec 11 03:52:41 GMT 2000 

I am attempting to connect to an SSL enabled Samba Daemon. Although it
does connect as anonymous, I am concerned about the "Cert" error. I have
pasted the output of an smbclient session and I have included the
smb.conf.

(1) Does this mean the session is not being encrypted? 
(2) How can I change my setup so I do not receive the error message?

----- error message -----

[root at test]# smbclient //test/configuration
added interface ip=192.168.1.4 bcast=192.168.1.255 nmask=255.255.255.0
Got a positive name query response from 127.0.0.1 ( 192.168.1.4 )
SSL: Cert error: unknown error 18 in
/C=AU/ST=Queensland/L=Brisbane/O=Rawlinsons Group Pty Ltd/OU=Quantity
Surveyors/CN=Harry Carrick/Email=info at rawlinsons.com.au
SSL: negotiated cipher: DES-CBC3-SHA
Password:
Anonymous login successful
Domain=[RAWLINSONS] OS=[Unix] Server=[Samba 2.0.7]
smb: \>

----- smb.conf -----

[global]
    ssl = yes
    ssl server cert = /usr/local/ssl/certs/new.cert.cert
    ssl server key = /usr/local/ssl/certs/new.cert.key
    ssl CA certdir = /usr/local/ssl/certs
    workgroup = RAWLINSONS
    netbios name = TEST
    server string = Test SSL Samba Server %v
    create mask = 0770
    directory mask = 0770
    hosts allow = 192.168.1.  127.
    log file = /var/log/samba/log.%m
    max log size = 50
    security = user
    socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
    wins support = yes
    password level = 6
    encrypt passwords = yes
    domain master = no
    local master = no
    preferred master = no
    os level = 64
    domain logons = no
    dns proxy = no
    load printers = no
    name resolve order = wins lmhosts hosts bcast

#============================ Share Definitions
==============================

[homes]
    comment = %S's H: drive
    browseable = no
    writable = yes
    path = %H
    create mode = 0600
    directory mode = 0700
    browsable = no
    valid users = %S
    available = yes
    public = no
    only user = no

[Configuration]
    path = /etc
    printable = no
    public = yes
    comment = /etc

Thankyou.

More information about the samba mailing list