[Samba] Self Signed SSL Certificate from ldap server

Martin Ritchie martin.ritchie at kelvininstitute.com
Tue Feb 10 16:57:30 GMT 2004

Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Martin Ritchie wrote:
> |
> | How do i get samba to accept a self signed certificate
> | from my ldap server?
> You need the openldap client libs to accept the cert.
> See the howto at
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

I had the client libs set up to be the default i.e. tls_checkpeer was 
set to no. This worked fine for the nss_ldap client.

I changed this to yes and gave the tls_cacertfile the ca file and things 
still worked for nss_ldap.

However, I still get the same probelm with samba. Am I doing something 

While I know this seems to have more of a LDAP focus I believe the 
problem is else where. nss_ldap and pam_ldap both work fine with the 
/etc/ldap.conf settings yet samba 3.0.2 still gives a certificate error:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed

Does someone have a ldap/samba setup using SSL rather than TLS with 
self-signed certs?


Martin Ritchie

the Kelvin Institute
50, George Street
Scotland, UK
G1 1QE

+44 (0) 141 548 5719

More information about the samba mailing list