[Samba] Self Signed SSL Certificate from ldap server
geza at kzsdabas.sulinet.hu
Tue Feb 10 19:08:26 GMT 2004
Martin Ritchie wrote:
| Gerald (Jerry) Carter wrote:
|> Martin Ritchie wrote:
|> | How do I get samba to accept a self signed certificate
|> | from my ldap server?
|> You need the openldap client libs to accept the cert.
|> See the howto at
| I had the client libs set up to be the default i.e. tls_checkpeer was
| set to no. This worked fine for the nss_ldap client.
| I changed this to yes and gave the tls_cacertfile the ca file and things
| still worked for nss_ldap.
| However, I still get the same problem with samba. Am I doing something
| While I know this seems to have more of a LDAP focus I believe the
| problem is elsewhere. nss_ldap and pam_ldap both work fine with the
| /etc/ldap.conf settings yet samba 3.0.2 still gives a certificate error:
| error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
| verify failed
| Does someone have a ldap/samba setup using SSL rather than TLS with
| self-signed certs?
I don't know your filesystem in detail, but nss+pam_ldap has its own
ldap.conf located at /etc/ldap.conf on my systems, and it seems on
yours too. Anything else using the ldap libs has its configuration file,
called ldap.conf, located in the same dir as the openldap server's
slapd.conf, /etc/openldap/ldap.conf on my side. I also had to set
LDAPCONF=/etc/openldap/ldap.conf in one of my initialisation scripts
(/etc/profile.d/ldap.sh and /etc/profile.d/ldap.csh), but that may be just
Mandrake 9.2 related.
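The split described in the reply above, as an added example that is not part of the original thread: a shell sketch that compares the CA file nss_ldap/pam_ldap read (tls_cacertfile in /etc/ldap.conf) with the one the OpenLDAP client library reads (its TLS_CACERT option, from $LDAPCONF or the default path). Function names and the sample file contents are constructed for illustration; the paths follow the message.

```shell
#!/bin/sh
# conf_value FILE KEY: print the value of KEY in FILE. Keys are matched
# case-insensitively and '#' lines are skipped. If KEY is repeated, the last
# value is reported (a simplification of this sketch).
conf_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# libldap_conf DEFAULT: the file the OpenLDAP client library reads,
# i.e. $LDAPCONF when set, otherwise DEFAULT.
libldap_conf() {
    printf '%s\n' "${LDAPCONF:-$1}"
}

# compare_ca NSS_CONF LIBLDAP_DEFAULT_CONF
# Prints one word: match, mismatch, nss-missing or libldap-missing.
compare_ca() {
    nss_ca=$(conf_value "$1" tls_cacertfile)
    lib_ca=$(conf_value "$(libldap_conf "$2")" TLS_CACERT)
    if [ -z "$lib_ca" ]; then echo libldap-missing
    elif [ -z "$nss_ca" ]; then echo nss-missing
    elif [ "$nss_ca" = "$lib_ca" ]; then echo match
    else echo mismatch
    fi
}

# Constructed sample: nss_ldap has a CA file configured, while the file the
# library reads has none, so library clients cannot verify the server cert.
demo() {
    d=$(mktemp -d) || return 1
    printf 'tls_checkpeer yes\ntls_cacertfile /etc/ssl/ca.pem\n' > "$d/nss.conf"
    printf '# no TLS_CACERT set\nURI ldaps://ldap.example.org\n' > "$d/ldap.conf"
    ( unset LDAPCONF; compare_ca "$d/nss.conf" "$d/ldap.conf" )
    rm -rf "$d"
}

demo
# On a real host: compare_ca /etc/ldap.conf /etc/openldap/ldap.conf
```

A result of libldap-missing or mismatch means nss_ldap and library-linked programs such as Samba are not trusting the same CA, which fits nss_ldap working while Samba reports a verify failure.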