[Samba] Samba and LDAP SSL certificate issue (last problem)
Martin Ritchie
martin.ritchie at kelvininstitute.com
Mon Feb 9 17:43:26 GMT 2004
Gémes Géza wrote:
> Your problem arises from using a self-signed certificate. While
> nss+pam_ldap would accept it, standard ldap client (>=2.1.x) library
> based applications, like samba, won't. You could convince yourself by doing
> an ldapsearch ...... -X -ZZ, see the manpage for details.
Indeed the problem was certificate related. But also the OpenSSL
libraries were not being picked up. Now that they are I'm getting a
failed to bind to server with dn= cn=Manager,dc=kelvininstitute,dc=com
Error: Can't contact LDAP server
error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Now I'm sure this is due to the self-signed cert. However I have added it
to my <ssl-path>/certs/ directory as pointed out here:
<http://tirian.magd.ox.ac.uk/~nick/openssl-certs/others.shtml#selfsigned-openssl>
and running openssl verify ldap.pem verifies OK on both ldap server and
samba server. I have linked all the ssl directories that existed to the
same directory just in case it was trying the wrong path, i.e.
/usr/share/ssl /usr/local/ssl go to /usr/local/openssl/ssl
However, samba still produces the above verification error.
If anyone can point me in the right direction then I'll stop bothering
you all. It can't be dependent on getting a 'real' certificate can it?
tia
--
Martin Ritchie
the Kelvin Institute
50, George Street
Glasgow
Scotland, UK
G1 1QE
www.kelvininstitute.com
+44 (0) 141 548 5719
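
Added example, not part of the original message: OpenSSL looks up certificates in a CA directory by subject-hash file name, so a self-signed certificate copied in under an arbitrary name only becomes a trust anchor once a `<hash>.0` link exists. The certificate, the host name `ldap.example.test` and the temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate stands in for ldap.pem.

# Print "ok" if CERT ($2) verifies against the CA directory DIR ($1), else "fail".
verifies_with_capath() {
    if openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

# Create a self-signed certificate in DIR/certs, with its key kept outside it.
make_selfsigned() {
    mkdir -p "$1/certs" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/ldap.key" -out "$1/certs/ldap.pem" 2>/dev/null
}

# Link CERT ($2) inside DIR ($1) under the name OpenSSL searches for: <hash>.0
install_hashed() {
    h=$(openssl x509 -noout -hash -in "$2") || return 1
    ln -sf "$(basename "$2")" "$1/$h.0"
}

# Verify before and after creating the hash link; prints "<before> <after>".
demo() {
    work=$(mktemp -d) || return 1
    make_selfsigned "$work" || { rm -rf "$work"; return 1; }
    before=$(verifies_with_capath "$work/certs" "$work/certs/ldap.pem")
    install_hashed "$work/certs" "$work/certs/ldap.pem"
    after=$(verifies_with_capath "$work/certs" "$work/certs/ldap.pem")
    rm -rf "$work"
    echo "$before $after"
}

demo
```

The same check applies to any directory handed to an OpenSSL-based client as its CA path; for OpenLDAP clients the CA file or directory is named by `TLS_CACERT` or `TLS_CACERTDIR` in ldap.conf.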