[Samba] TLS: hostname doesn't match CN??

Gerald (Jerry) Carter jerry at samba.org
Mon Dec 8 20:43:53 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Moron wrote:
| Hi,
|
| I'm configuring Samba 3.0 to store users in ldap server.
|
| I've configured openldap 2.1 with SSL and it worked properly with ldap
| commands but when
| I try using the smbpasswd command it reports me the error:
|
| failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error:
| Can't contact LDAP server
|        TLS: hostname does not match CN in peer certificate
| Connection to LDAP Server failed for the 1 try!
| Connection to LDAP Server failed for the 2 try!
| ...
|
| I had the same error with ldapadd, ldapsearch, etc but I corrected it
| setting CN=ibox.desarrollo.com (Fully Qualified Domain Name).
| Why Samba doesn't match the CN attribute and the hostname????

This is a very common openldap / ssl issue.  Make sure the hostname you
use in the passdb backend line is the same as the one you specified in
the ldap server cert.


- --
cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/1OKJIR7qMdg1EfYRAvOOAJ9v0+e9Pv8pBolJBQ3GZ1GbuoAbOQCgsMEF
lv3WaN+eWW/J65nCBEOaiRQ=
=p2fV
-----END PGP SIGNATURE-----
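
An added example, not part of the original post or of Samba: a small Python check that pulls the LDAP hostnames from the `passdb backend` line and compares them with the names in the server certificate. The smb.conf fragment and certificate dict are constructed, the function names are hypothetical, and accepting either a subjectAltName DNS entry or the CN is an assumption about the TLS library's matching rule.

```python
import re
from urllib.parse import urlsplit

# Constructed smb.conf fragment; the host is the FQDN quoted in the post.
SMB_CONF = "[global]\n    passdb backend = ldapsam:ldaps://ibox.desarrollo.com\n"

# Constructed certificate names, in the dict shape that Python's
# ssl.SSLSocket.getpeercert() returns for a verified peer.
CERT = {"subject": ((("commonName", "ibox.desarrollo.com"),),)}


def ldap_hosts(smb_conf):
    """Return the hostnames of all LDAP URLs on the 'passdb backend' line."""
    hosts = []
    for line in smb_conf.splitlines():
        key, _, value = line.partition("=")
        if " ".join(key.split()).lower() != "passdb backend":
            continue  # other parameters, section headers, comments
        for url in re.findall(r"ldaps?://[^\s\",]+", value):
            hosts.append(urlsplit(url).hostname)
    return hosts


def cert_names(cert):
    """Names the certificate vouches for: SAN DNS entries plus subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names += [v for rdn in cert.get("subject", ())
              for k, v in rdn if k == "commonName"]
    return names


def name_matches(host, pattern):
    """Case-insensitive match; '*' only as the whole left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def check(smb_conf, cert):
    """Map each configured LDAP host to whether the certificate names it."""
    names = cert_names(cert)
    return {h: any(name_matches(h, n) for n in names)
            for h in ldap_hosts(smb_conf)}


if __name__ == "__main__":
    for host, ok in check(SMB_CONF, CERT).items():
        print(host, "matches certificate" if ok else "does NOT match certificate")
```

A short name, `localhost` or an IP address in the URL fails this check even when it resolves to the same server, which is the situation the error message in the post reports.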


