[Samba] Self Signed SSL Certificate from ldap server

Martin Ritchie martin.ritchie at kelvininstitute.com
Tue Feb 10 16:57:30 GMT 2004



Gerald (Jerry) Carter wrote:
> Martin Ritchie wrote:
> |
> | How do I get samba to accept a self signed certificate
> | from my ldap server?
> 
> You need the openldap client libs to accept the cert.
> See the howto at
> 
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html


I had the client libs set up to be the default, i.e. tls_checkpeer was 
set to no. This worked fine for the nss_ldap client.

I changed this to yes and gave the tls_cacertfile the ca file and things 
still worked for nss_ldap.

However, I still get the same problem with samba. Am I doing something 
wrong?

While I know this seems to have more of an LDAP focus, I believe the 
problem is elsewhere. nss_ldap and pam_ldap both work fine with the 
/etc/ldap.conf settings, yet samba 3.0.2 still gives a certificate error:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Does someone have an ldap/samba setup using SSL rather than TLS with 
self-signed certs?

Cheers

-- 
Martin Ritchie

the Kelvin Institute
50, George Street
Glasgow
Scotland, UK
G1 1QE

www.kelvininstitute.com
+44 (0) 141 548 5719

