[Samba] Samba and LDAP SSL certificate issue (last problem)

Martin Ritchie martin.ritchie at kelvininstitute.com
Mon Feb 9 17:43:26 GMT 2004

Gémes Géza wrote:

> Your problem arises from using a self-signed certificate. While
> nss+pam_ldap would accept it, standard ldap client (>=2.1.x) library
> based applications, like samba, won't. You could convince yourself by doing
> an ldapsearch ...... -X -ZZ; see the manpage for details.

Indeed the problem was certificate related. But also the OpenSSL 
libraries were not being picked up. Now that they are I'm getting a

failed to bind to server with dn= cn=Manager,dc=kelvininstitute,dc=com 
Error: Can't contact LDAP server
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Now I'm sure this is due to the self-signed cert. However I have added it
to my <ssl-path>/certs/ directory as pointed out here:
and running openssl verify ldap.pem verifies OK on both ldap server and
samba server. I have linked all the ssl directories that existed to the
same directory just in case it was trying the wrong path, i.e.
/usr/share/ssl /usr/local/ssl go to /usr/local/openssl/ssl

However, samba still produces the above verification error.

If anyone can point me in the right direction then I'll stop bothering 
you all. It can't be dependent on getting a 'real' certificate can it?


Martin Ritchie

the Kelvin Institute
50, George Street
Scotland, UK
G1 1QE

+44 (0) 141 548 5719
