[Samba] Samba and LDAP SSL
geza at kzsdabas.sulinet.hu
Fri Feb 6 18:20:29 GMT 2004
Martin Ritchie wrote:
| Jérôme Tournier wrote:
|> On Wed, Feb 04, 2004 at 05:13:34PM +0000, Martin Ritchie wrote:
|>> Is anyone using samba with an openldap backend? I've been trying to
|>> get it to use a SSL connection without much success. Has anyone
|>> managed to get it all to work?
|> I've done a quick guide. You can have a look here:
| This guide only suggests using tls. I need to use SSL.
| So fully encrypted communication.
| The ldap server is set up with a self-signed certificate. This all works
| fine for unix logins and lookups.
| I can't get samba to go fully SSL with the server.
| Running strace on the smbd server then running the smbclient on it shows
| the server trying to connect to the ldap server. What it is writing is
| write(22, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57
| This doesn't look like SSL data to me. Looks plaintext.
| My smb.conf file is configured correctly, I'm sure.
| ldap ssl = on
| ldap port = 636 # Though this is not used
| ldap server = ki(This is the FQDN)
| passdb backend = ldapsam:ldaps://ki.kelvininstitute.com/
| It is the ldap or ldaps that specifies the connection port.
| Sorry to go on about this but I'm beginning to get pressure to get this
| working and I've run out of ideas about why it isn't working.
| Any help would be great.
Your problem arises from using a self-signed certificate. While
nss+pam_ldap would accept it, applications based on the standard ldap
client library (>=2.1.x), like samba, won't. You could convince yourself
by doing an ldapsearch ...... -X -ZZ; see the manpage for details.
For samba version 3.0.x you don't need the ldap server and ldap port
parameters. I would suggest that you read the doc mentioned earlier.
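Added example, not part of the original thread: the bytes in the strace line quoted above can be decoded as BER to confirm that they are a cleartext LDAP bind request rather than a TLS record. PAGE_CAPTURE holds only the bytes visible in the post (strace cut the string off); FULL_BIND and TLS_HELLO are constructed samples, and all function names are this example's own.

```python
# Added example: classify the first bytes of a captured write() to an LDAP server.

def _ber_len(buf, i):
    """Decode the BER length field at buf[i]; return (length, index_after)."""
    if buf[i] < 0x80:                        # short form
        return buf[i], i + 1
    n = buf[i] & 0x7F                        # long form: n length octets follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(buf):
    """Describe what the captured bytes are; tolerates truncated captures."""
    if len(buf) >= 2 and buf[0] == 0x16 and buf[1] == 0x03:
        return {"kind": "tls"}               # TLS handshake record, version 3.x
    if not buf or buf[0] != 0x30:            # LDAPMessage is a BER SEQUENCE
        return {"kind": "unknown"}
    try:
        _, i = _ber_len(buf, 1)
        if buf[i] != 0x02:                   # messageID INTEGER
            return {"kind": "unknown"}
        n, i = _ber_len(buf, i + 1)
        i += n                               # skip the messageID value
        op = buf[i]
        if op != 0x60:                       # not a BindRequest (0x77 = ExtendedRequest)
            return {"kind": "ldap-plaintext", "op": op}
        _, i = _ber_len(buf, i + 1)
        n, i = _ber_len(buf, i + 1)          # version INTEGER
        version = buf[i]
        n2, i = _ber_len(buf, i + n + 1)     # bind DN OCTET STRING
    except IndexError:                       # capture ended inside a header
        return {"kind": "ldap-plaintext", "truncated": True}
    dn = buf[i:i + n2]
    return {"kind": "ldap-plaintext", "op": op, "version": version,
            "dn": dn.decode("utf-8", "replace"), "truncated": len(dn) < n2,
            "simple_password": buf[i + n2:i + n2 + 1] == b"\x80"}

def _tlv(tag, body):                         # sample builder, short lengths only
    return bytes([tag, len(body)]) + body

# Visible bytes of the strace line quoted above (strace cut the string off).
PAGE_CAPTURE = b"07\x02\x01\x01`2\x02\x01\x03\x04$cn=Manager,dc=kelvin"
# Constructed samples: a complete simple bind and the start of a TLS ClientHello.
FULL_BIND = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, _tlv(0x02, b"\x03")
            + _tlv(0x04, b"cn=admin,dc=example,dc=org") + _tlv(0x80, b"secret")))
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")

if __name__ == "__main__":
    for name, data in [("page", PAGE_CAPTURE), ("bind", FULL_BIND), ("tls", TLS_HELLO)]:
        print(name, classify(data))
```

A result of "ldap-plaintext" with op 0x60 means the bind DN, and any simple password after it, crossed the wire unencrypted; an ldaps:// connection would start with a "tls" record instead.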