[Samba] TLS: hostname doesn't match CN??

David Moron david.moron at openwired.net
Fri Dec 5 18:04:53 GMT 2003


Hi,

I'm configuring Samba 3.0 to store users in an LDAP server.

I've configured OpenLDAP 2.1 with SSL and it worked properly with the ldap
commands, but when I try using the smbpasswd command it reports the error:

failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error: Can't contact LDAP server
        TLS: hostname does not match CN in peer certificate
Connection to LDAP Server failed for the 1 try!
Connection to LDAP Server failed for the 2 try!
...

I had the same error with ldapadd, ldapsearch, etc., but I corrected it by
setting CN=ibox.desarrollo.com (Fully Qualified Domain Name).
Why doesn't Samba match the CN attribute and the hostname????

Thank you very much.

Some information:

ibox# hostname -f
ibox.desarrollo.com

ibox# nslookup
 ibox.desarrollo.com --> 10.0.0.80 (Is the correct IP).

Certificate information:
ibox# openssl x509 -text -noout -in /usr/local/openldap2.1/ssl/servercrt.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=OpenWired SL, OU=ibox, CN=iboxCA
        Validity
            Not Before: Dec  4 17:40:37 2003 GMT
            Not After : Dec  3 17:40:37 2004 GMT
        Subject: C=ES, ST=Barcelona, L=Barcelona, O=OpenWired SL, OU=ibox, CN=ibox.desarrollo.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            9E:EB:78:6D:50:16:51:05:1E:6C:8A:EA:5B:D0:83:01:35:B1:A5:F6
            X509v3 Authority Key Identifier:
            keyid:28:F8:69:7D:76:80:93:64:1A:F7:88:37:35:6F:36:6E:62:67:AB:4A
            DirName:/C=ES/ST=Barcelona/L=Barcelona/O=OpenWired SL/OU=ibox/CN=iboxCA
            serial:00

    Signature Algorithm: md5WithRSAEncryption


