[Samba] Samba and LDAP SSL certificate issue (last problem)

Gémes Géza geza at kzsdabas.sulinet.hu
Mon Feb 9 18:17:13 GMT 2004


Martin Ritchie wrote:
| Gémes Géza wrote:
|> Your problem arises from using a self-signed certificate. While
|> nss+pam_ldap would accept it, standard ldap client (>=2.1.x) library
|> based applications, like samba, won't. You could convince yourself by doing
|> an ldapsearch ...... -X -ZZ, see the manpage for details.
| Indeed the problem was certificate related. But also the OpenSSL
| libraries were not being picked up. Now that they are I'm getting a
| failed to bind to server with dn= cn=Manager,dc=kelvininstitute,dc=com
| Error: Can't contact LDAP server
|         error:14090086:SSL
| routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
| Now I'm sure this is due to the self-signed cert. However I have added it
| to my <ssl-path>/certs/ directory as pointed out here:

| and running openssl verify ldap.pem verifies OK on both ldap server and
| samba server. I have linked all the ssl directories that existed to the
| same directory just in case it was trying the wrong path, i.e.
| /usr/share/ssl /usr/local/ssl go to /usr/local/openssl/ssl
| However, samba still produces the above verification error.
| If anyone can point me in the right direction then I'll stop bothering
| you all. It can't be dependent on getting a 'real' certificate can it?
| tia
I think setting up your own certificate authority, and then convincing
your clients to trust it is the easiest/cheapest method. You can read
about it in the OpenLDAP Administrator's Guide, as well as other documents on
the Net.

Good Luck!
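
The private-CA approach suggested in the reply above, sketched with the openssl command line as an added example (not part of the original post). It issues a server certificate from a CA and checks which trust stores accept it; all names, paths and hostnames are constructed, and the `<hash>.0` link shows the naming OpenSSL requires for a CA placed in a certificate directory.

```shell
#!/bin/sh
# Added example; every name and path here is constructed for illustration.

# make_ca DIR CN: self-signed CA certificate (DIR/ca.pem) and key (DIR/ca.key)
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CADIR HOST OUT: certificate for HOST signed by the CA in CADIR
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$3" 2>/dev/null
}

# install_ca CAPEM CERTDIR: copy the CA into a directory store. OpenSSL finds
# it only under its subject-hash name (<hash>.0), not under an arbitrary name.
install_ca() {
    mkdir -p "$2" && cp "$1" "$2/ca.pem" &&
    ln -sf ca.pem "$2/$(openssl x509 -noout -hash -in "$1").0"
}

# chains_to FLAG STORE CERT: true when CERT verifies against STORE, where FLAG
# is -CAfile (one PEM file) or -CApath (hashed directory). The output is
# checked so the result does not depend on how a release sets its exit code.
chains_to() {
    openssl verify "$1" "$2" "$3" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca" "Example Private CA" &&
    make_ca "$d/other" "Unrelated CA" &&
    issue_cert "$d/ca" ldap.example.test "$d/ldap.pem" &&
    install_ca "$d/ca/ca.pem" "$d/certs" || return 1
    chains_to -CAfile "$d/ca/ca.pem" "$d/ldap.pem" && echo "own CA file: OK"
    chains_to -CApath "$d/certs" "$d/ldap.pem" && echo "hashed certs dir: OK"
    chains_to -CAfile "$d/other/ca.pem" "$d/ldap.pem" || echo "unrelated CA: rejected"
    rm -rf "$d"
}

demo
```

Programs built on the OpenLDAP client library are pointed at such a CA with `TLS_CACERT` (a PEM file) or `TLS_CACERTDIR` (a hashed directory) in ldap.conf.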
