[Samba] TLS: hostname doesn't match CN??

David Moron david.moron at openwired.net
Tue Dec 9 09:36:51 GMT 2003


It solved my problem.

Thank You very much.

David Morón

Gerald (Jerry) Carter wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Moron wrote:
> | Hi,
> |
> | I'm configuring Samba 3.0 to store users in ldap server.
> |
> | I've configured openldap 2.1 with SSL and it worked properly with ldap
> | commands but when
> | I try using then smbpasswd command it reports me the error:
> |
> | failed to bind to server with dn= cn=Manager,dc=openwired,dc=net Error:
> | Can't contact LDAP server
> |        TLS: hostname does not match CN in peer certificate
> | Connection to LDAP Server failed for the 1 try!
> | Connection to LDAP Server failed for the 2 try!
> | ...
> |
> | I had the same error with ldapadd, ldapsearch, etc but I corrected it
> | setting CN=ibox.desarrollo.com (Fully Qualified Domain Name).
> | Why Samba doesn'tmatch the CN attribute and the hostname????
>
> This is a very common openldap / ssl issue.  Make sure the hostname you
> use in the passdb backend line is the same as the one you soecified in
> the ldap server cert.
>
>
> - --
> cheers, jerry
> ~ ----------------------------------------------------------------------
> ~ Hewlett-Packard            ------------------------- http://www.hp.com
> ~ SAMBA Team                 ---------------------- http://www.samba.org
> ~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
> ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/1OKJIR7qMdg1EfYRAvOOAJ9v0+e9Pv8pBolJBQ3GZ1GbuoAbOQCgsMEF
> lv3WaN+eWW/J65nCBEOaiRQ=
> =p2fV
> -----END PGP SIGNATURE-----
>




More information about the samba mailing list