[Samba] samba + openldap + tls
Steve Lee
maillist at blitzen.net
Fri May 17 18:27:02 GMT 2002
For the life of me, this works at my home where I set it up.
But at work where I also set this up, I can't get it
to do SSL. Weird.
On Fri, 17 May 2002, Laurent BLIN wrote:
> Hi,
>
> I'm using openldap 2.0.23 and samba 2.2.4 on a Redhat 7.2 Linux distribution.
>
> I've compiled with ldap support and it works fine in clear mode. I've
> configured unix auth. to use ldap in TLS mode, and that works also.
>
> When I try to use TLS mode (or SSL on 636), it doesn't work. LDAP
> doesn't seem to have an error (see logs below), but samba says "Failed
> to issue the StartTLS instruction: Connect error".
>
> Any idea???
> Do I have to use the "--with-ssl" option? I'm told not.
>
> ##############################################
> LDAP CONF:
> --------------------------
>
> ########################
> # certificates and keys
>
> TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem
> TLSCertificateFile /opt/openldap/pem/ldapcert.pem
> TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem
>
>
> ##############################################
> SMB CONF:
> --------------------------
>
> # LDAP:
> ldap server = obiwan
> ldap port = 389
> ldap suffix = "ou=samba, dc=obiwan,dc=fr"
>
> # LDAP SSL:
> ldap ssl = no
>
> # Root LDAP
> ldap admin dn = "cn=Manager,dc=obiwan,dc=fr"
>
> ##############################################
> SAMBA LOGS
> --------------------------
>
> [2002/05/17 16:24:16, 0] passdb/pdb_ldap.c:ldap_open_connection(120)
> Failed to issue the StartTLS instruction: Connect error
> [2002/05/17 16:24:16, 1] smbd/password.c:pass_check_smb(545)
> Couldn't find user 'lblin' in passdb.
> [2002/05/17 16:24:16, 2] smbd/reply.c:reply_sesssetup_and_X(963)
> NT Password did not match for user 'lblin'!
>
> #############################################
> LDAP LOGS:
>
> -------------------------
>
> ldap_pvt_gethostbyname_a: host=obiwan, r=0
> connection_get(9): got connid=0
> connection_read(9): checking for input on id=0
> ber_get_next
> ber_get_next: tag 0x30 len 29 contents:
> do_extended
> ber_scanf fmt ({a) ber:
> ber_get_next
> ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
> send_ldap_extended 0: (0)
> send_ldap_response: msgid=1 tag=120 err=0
> ber_flush: 14 bytes to sd 9
> connection_get(9): got connid=0
> connection_read(9): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
> connection_get(10): got connid=1
> connection_read(10): checking for input on id=1
> ber_get_next
> ber_get_next: tag 0x30 len 29 contents:
> ber_get_next
> ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
> do_extended
> ber_scanf fmt ({a) ber:
> send_ldap_extended 0: (0)
> send_ldap_response: msgid=1 tag=120 err=0
> ber_flush: 14 bytes to sd 10
> connection_get(10): got connid=1
> connection_read(10): checking for input on id=1
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:SSLv3 read client key exchange A
> TLS trace: SSL_accept:SSLv3 read finished A
> TLS trace: SSL_accept:SSLv3 write change cipher spec A
> TLS trace: SSL_accept:SSLv3 write finished A
> TLS trace: SSL_accept:SSLv3 flush data
>
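A small triage script for the situation in Laurent's message, added here as an example (not code from the thread or from Samba/OpenLDAP): it reads the `ldap ssl`/`ldap port` pair from smb.conf, walks the slapd log per connection id to see whether the StartTLS extended operation was answered with success (tag=120 err=0) and whether `SSL_accept` reached the server's Finished message, and then says which side to look at. The smb.conf and log excerpts are constructed from the thread, with `ldap ssl` set to `start_tls` (the value that makes samba send StartTLS on port 389) rather than the `no` shown above.

```python
import re
# Constructed excerpts modelled on the thread's smb.conf and slapd/samba logs (not real captures).
SMB_CONF = """
ldap port = 389
ldap ssl = start_tls
"""
SLAPD_LOG = """
connection_get(9): got connid=0
send_ldap_response: msgid=1 tag=120 err=0
connection_get(9): got connid=0
TLS trace: SSL_accept:SSLv3 write finished A
"""
SAMBA_LOG = "Failed to issue the StartTLS instruction: Connect error"
def ldap_tls_mode(conf):
    # Map samba's 'ldap ssl' + 'ldap port' to the transport it will actually use.
    m = re.search(r"^\s*ldap ssl\s*=\s*(\w+)", conf, re.M | re.I)
    p = re.search(r"^\s*ldap port\s*=\s*(\d+)", conf, re.M | re.I)
    mode = m.group(1).lower() if m else "unset"
    port = int(p.group(1)) if p else 389
    if mode in ("no", "off", "false"):
        return "cleartext"          # the StartTLS extended operation is never sent
    if mode == "start_tls":
        return "starttls" if port == 389 else "starttls-on-port-%d" % port
    if mode in ("yes", "on", "true"):
        return "ldaps" if port == 636 else "ldaps-on-port-%d" % port
    return "unknown"

def starttls_server_view(log):
    # Per slapd connid: StartTLS extop answered with success (tag=120 err=0) and SSL_accept sent Finished?
    conns, cur = {}, None
    for line in log.splitlines():
        m = re.search(r"got connid=(\d+)", line)
        if m:   # slapd logs connection_get on every read of a connection, so keep existing flags
            cur = conns.setdefault(m.group(1), {"extop_ok": False, "handshake_done": False})
        elif cur is not None and "tag=120 err=0" in line:
            cur["extop_ok"] = True         # tag 120 = 0x78 = LDAP ExtendedResponse, err=0 = success
        elif cur is not None and "SSL_accept:SSLv3 write finished A" in line:
            cur["handshake_done"] = True   # server sent its Finished: its side of the handshake is done
    return conns

def locate_failure(conf, slapd_log, samba_log):
    if ldap_tls_mode(conf) == "cleartext":
        return "config"    # ldap ssl = no: StartTLS is not even attempted
    server = starttls_server_view(slapd_log)
    if not server or not all(c["extop_ok"] and c["handshake_done"] for c in server.values()):
        return "server"    # slapd refused the extop or never finished SSL_accept
    if "Failed to issue the StartTLS" in samba_log:
        return "client"    # slapd finished every handshake, yet samba still reports Connect error
    return "healthy"
```

With the thread's own logs this lands on "client": slapd answers the extended operation and completes its handshake on both connections, so the error samba prints is raised on its side after that point.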