[Samba] Samba and LDAP SSL

Gémes Géza geza at kzsdabas.sulinet.hu
Fri Feb 6 18:20:29 GMT 2004


Martin Ritchie wrote:
|
|
| Jérôme Tournier wrote:
|
|> On Wed, Feb 04, 2004 at 05:13:34PM +0000, Martin Ritchie wrote:
|>
|>> Is anyone using samba with an openldap backend? I've been trying to
|>> get it to use a SSL connection without much success. Has anyone
|>> managed to get it all to work?
|>
|>
|>
|> I've done a quick guide. You can have a look here:
|> http://samba.idealx.org/dist/doc/smbldap-tools007.html
|
|
| This guide only suggests using TLS. I need to use SSL.
|
| So fully encrypted communication.
|
| The LDAP server is set up with a self-signed certificate. This all works
| fine for unix logins and lookups.
|
| I can't get samba to go fully SSL with the server.
|
| Running strace on the smbd server then running the smbclient on it shows
| the server trying to connect to the ldap server. What it is writing is
| this:
|
| write(22, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57
|
| This doesn't look like SSL data to me. Looks plaintext.
|
| My smb.conf file is configured correctly, I'm sure.
|
| ldap ssl = on
| ldap port = 636 # Though this is not used
| ldap server = ki(This is the FQDN)
| passdb backend = ldapsam:ldaps://ki.kelvininstitute.com/
|
| It is the ldap or ldaps that specifies the connection port.
|
| Sorry to go on about this but I'm beginning to get pressure to get this
| working and I've run out of ideas about why it isn't working.
|
| Any help would be great
|
| Cheers
|
Your problem arises from using a self-signed certificate. While
nss+pam_ldap would accept it, applications based on the standard LDAP
client library (>=2.1.x), like Samba, won't. You could convince yourself
by doing an ldapsearch ...... -X -ZZ; see the manpage for details.

For Samba version 3.0.x you don't need the ldap server and ldap port
parameters. I would suggest you read the doc mentioned earlier.

Regards,

Geza
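
The write() buffer quoted from strace in this thread can be decoded to confirm that it is a cleartext LDAP simple bind and not a TLS record. This is an added example, not part of the original messages: the function names are hypothetical, PAGE_STRACE_BYTES is the 32 bytes visible in the quoted strace line (the rest was cut off by strace), and the TLS sample is constructed.

```python
# Added example: tell a TLS record from a cleartext LDAP bind in a write() buffer.
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def ber_len(buf, i):
    """Decode the BER length starting at buf[i]; return (length, next_index)."""
    first = buf[i]
    if first < 0x80:                              # short form
        return first, i + 1
    n = first & 0x7F                              # long form: n length bytes follow
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(buf):
    """Describe buf as a TLS record, a cleartext LDAP message, or unknown."""
    if len(buf) >= 3 and buf[0] in TLS_TYPES and buf[1] == 3:
        return {"kind": "tls", "record": TLS_TYPES[buf[0]]}
    try:
        if buf[0] != 0x30:                        # LDAPMessage ::= SEQUENCE
            return {"kind": "unknown"}
        body, i = ber_len(buf, 1)
        wire_len = body + i                       # full size of this message
        if buf[i] != 0x02:                        # messageID INTEGER
            return {"kind": "unknown"}
        n, i = ber_len(buf, i + 1)
        msg_id = int.from_bytes(buf[i:i + n], "big")
        i += n
        if buf[i] != 0x60:                        # [APPLICATION 0] BindRequest
            return {"kind": "ldap-cleartext", "op": "other", "wire_len": wire_len}
        _, i = ber_len(buf, i + 1)                # skip BindRequest length
        n, i = ber_len(buf, i + 1)                # version INTEGER
        version = int.from_bytes(buf[i:i + n], "big")
        i += n
        dn_len, i = ber_len(buf, i + 1)           # bind DN OCTET STRING
        dn = buf[i:i + dn_len].decode("utf-8", "replace")
        return {"kind": "ldap-cleartext", "op": "bind", "msg_id": msg_id,
                "version": version, "wire_len": wire_len, "dn_len": dn_len,
                "dn_seen": dn, "dn_truncated": len(dn) < dn_len}
    except IndexError:                            # buffer ended mid-header
        return {"kind": "unknown"}

# The bytes shown in the strace line quoted above (strace printed only the first 32).
PAGE_STRACE_BYTES = b"07\x02\x01\x01`2\x02\x01\x03\x04$cn=Manager,dc=kelvin"
# Constructed sample: the start of a TLS handshake record, for comparison.
CONSTRUCTED_TLS_HELLO = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"

if __name__ == "__main__":
    print(classify(PAGE_STRACE_BYTES))
    print(classify(CONSTRUCTED_TLS_HELLO))
```

The decoded wire length of 57 matches the byte count strace reported for the write, so the buffer is one complete unencrypted LDAPv3 bind request.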


