[Samba] TLS: hostname doesn't match CN??
David Moron
david.moron at openwired.net
Fri Dec 5 18:04:53 GMT 2003
Hi,
I'm configuring Samba 3.0 to store users in ldap server.
I've configured openldap 2.1 with SSL and it worked properly with ldap
commands but when
I try using then smbpasswd command it reports me the error:
failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error:
Can't contact LDAP server
TLS: hostname does not match CN in peer certificate
Connection to LDAP Server failed for the 1 try!
Connection to LDAP Server failed for the 2 try!
...
I had the same error with ldapadd, ldapsearch, etc but I corrected it
setting CN=ibox.desarrollo.com (Fully Qualified Domain Name).
Why Samba doesn'tmatch the CN attribute and the hostname????
Thank you very much.
Some information:
ibox# hostname -f
ibox.desarrollo.com
ibox# nslookup
ibox.desarrollo.com --> 10.0.0.80 (Is the correct IP).
Certificate information:
ibox# openssl x509 -text -noout -in /usr/local/openldap2.1/ssl/servercrt.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, ST=Barcelona, L=Barcelona, O=OpenWired SL,
OU=ibox, CN=iboxCA
Validity
Not Before: Dec 4 17:40:37 2003 GMT
Not After : Dec 3 17:40:37 2004 GMT
Subject: C=ES, ST=Barcelona, L=Barcelona, O=OpenWired SL,
OU=ibox, CN=ibox.desarrollo.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ad:aa:92:8a:12:b2:74:dd:a0:5f:fc:1f:3a:be:
98:0c:4a:bd:81:a0:20:81:7c:4b:97:86:9a:9d:cc:
eb:a3:ec:31:22:92:41:25:3f:5a:2e:81:14:3a:16:
87:74:cc:82:35:fd:62:20:ca:f5:36:1e:5c:bc:27:
7b:5d:02:db:b9:5d:c2:13:79:d3:05:76:47:8d:dd:
43:12:f0:8f:5b:4a:cd:74:42:cf:ed:93:e9:94:3b:
58:12:77:8f:3a:d1:b2:46:95:45:56:f5:58:ab:f3:
77:6a:04:be:1d:b8:84:ca:3a:c9:aa:28:e7:4a:6a:
cd:75:86:83:ac:b7:bf:5f:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
9E:EB:78:6D:50:16:51:05:1E:6C:8A:EA:5B:D0:83:01:35:B1:A5:F6
X509v3 Authority Key Identifier:
keyid:28:F8:69:7D:76:80:93:64:1A:F7:88:37:35:6F:36:6E:62:67:AB:4A
DirName:/C=ES/ST=Barcelona/L=Barcelona/O=OpenWired
SL/OU=ibox/CN=iboxCA
serial:00
Signature Algorithm: md5WithRSAEncryption
1f:70:cf:ed:15:bf:81:4b:d5:e6:6c:6b:62:bd:9a:57:76:6b:
67:f1:3c:b8:87:9a:e1:8e:0a:f2:13:f0:e3:a7:db:b2:34:ca:
53:3b:d9:56:ca:0f:dc:46:2e:18:3e:84:32:87:f9:20:26:1d:
c9:4f:d8:ef:dc:89:7f:a2:01:8c:bd:b0:6e:03:ed:b4:89:c4:
74:44:1f:77:26:25:df:90:f4:48:6d:86:d2:4a:0d:b4:5e:16:
7c:d3:e1:cf:75:d2:37:ff:5b:7f:2d:6d:c9:d4:a0:bc:d0:7c:
37:5c:dc:d4:2e:5e:a4:c8:c2:7e:9f:54:a3:ba:ff:e5:ed:ce:
3e:49
More information about the samba
mailing list