[Samba] start tls problem

moof48 at temple.edu moof48 at temple.edu
Mon Aug 30 19:51:12 GMT 2004


I dont use the openldap service so I dont think setting it 
here would matter.  Only the libraries.  My Sun One systems 
are on other box's.  Anyone else know where to put this CA 
cert for when samba uses tls?  

---- Original message ----
>Date: Mon, 30 Aug 2004 11:48:10 -0700
>From: "Jeff Saxton" <jsaxton at addamark.com>  
>Subject: RE: [Samba] start tls problem  
>To: <samba at lists.samba.org>
>Cc: <moof48 at temple.edu>
>
>For openldap it is (usually) specified in
>/usr/local/openldap/etc/openldap/ldap.conf
>
>WATCH OUT: if you have the padl stuff installed there are ( 
usually ) 2
>ldap.conf files, one for openldap and 1 for padl
>These have very different syntaxes.  You can use the 
following command
>to see which file is being used by openldap:
>
># strace ldapsearch -x -D 'cn=manager,dc=example,dc=com' -b
>'ou=people,dc=example.dc=com' -w secret | grep ldap.conf
>
>I believe that the config file directive is:
>
>TLS_CACERT	/path/to/ca/cert.pem
>
>Jeff Saxton
>Sr. Support Engineer
>Addamark Technologies, Inc.
>http://www.addamark.com
>mailto:support at addamark.com
>CELL: +1 415-640-6392
>
>
>-----Original Message-----
>From: samba-bounces+jeff.saxton=addamark.com at lists.samba.org
>[mailto:samba-
bounces+jeff.saxton=addamark.com at lists.samba.org] On
>Behalf Of moof48 at temple.edu
>Sent: Monday, August 30, 2004 11:38 AM
>To: samba at lists.samba.org
>Subject: [Samba] start tls problem
>
>
>I'm having trouble getting tls working.  It used to work 
>until I changed the smb.conf file to to poing to a 
different 
>host.  I think I have tracked it down to ldap servers ssl 
>cert issuer(CA). 
>
>I keep getting errors like "self signed certificate in 
>certificate chain" while using openssl commands or a 
>ldapsearch w/ tls and debug mode.  
>
>So my question is...  Where can I put a copy of my CA's 
>cert.  Everything workes fine with openssl command when I 
>throw it a file the ca certs in it.  What does samba/ldap 
>use.  Do I need to put it in the openssl stuff?  Any help 
is 
>appreciated.
>-- 
>To unsubscribe from this list go to the following URL and 
read the
>instructions:  http://lists.samba.org/mailman/listinfo/samba
>


More information about the samba mailing list