[Samba] Self Signed SSL Certificate from ldap server

Gémes Géza geza at kzsdabas.sulinet.hu
Tue Feb 10 19:08:26 GMT 2004



Martin Ritchie wrote:
|
|
| Gerald (Jerry) Carter wrote:
|
|> Martin Ritchie wrote:
|> |
|> | How do I get samba to accept a self signed certificate
|> | from my ldap server?
|>
|> You need the openldap client libs to accept the cert.
|> See the howto at
|>
|> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
|
|
|
| I had the client libs set up to be the default i.e. tls_checkpeer was
| set to no. This worked fine for the nss_ldap client.
|
| I changed this to yes and gave the tls_cacertfile the ca file and things
| still worked for nss_ldap.
|
| However, I still get the same problem with samba. Am I doing something
| wrong?
|
| While I know this seems to have more of a LDAP focus I believe the
| problem is elsewhere. nss_ldap and pam_ldap both work fine with the
| /etc/ldap.conf settings yet samba 3.0.2 still gives a certificate error:
|
| error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
| verify failed
|
| Does someone have a ldap/samba setup using SSL rather than TLS with
| self-signed certs?
|
| Cheers
|
I don't know your filesystem in detail, but nss+pam_ldap has its own
ldap.conf located at /etc/ldap.conf on my systems, and it seems on
yours too. Anything else using the ldap libs has its configuration file,
called ldap.conf, located in the same dir as the openldap server's
slapd.conf, /etc/openldap/ldap.conf on my side. I also had to set
LDAPCONF=/etc/openldap/ldap.conf in one of my initialisation scripts
(/etc/profile.d/ldap.sh and /etc/profile.d/ldap.csh), but it may be just
Mandrake 9.2 related.

Regards,

Geza
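An added example, not part of the original message or of the Samba or OpenLDAP projects: a shell check that compares the CA file named in nss_ldap's config with the one in the OpenLDAP client library's ldap.conf, the two separate files the reply describes. TLS_CACERT and TLS_REQCERT are the OpenLDAP ldap.conf directives; the function names and the sample files and paths in `demo` are constructed for illustration.

```shell
#!/bin/sh
# nss_ldap/pam_ldap keys: tls_cacertfile, tls_checkpeer
# OpenLDAP libldap keys:  TLS_CACERT, TLS_REQCERT

# Print the value of the first matching key (case-insensitive) in a config file.
# Commented-out lines do not match because their first field starts with '#'.
conf_value() {  # usage: conf_value FILE KEY
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Report whether libldap clients (such as Samba) are given the same CA file
# as nss_ldap. Returns 0 only when both files name the same CA file and the
# libldap config does not relax certificate verification.
check_ldap_trust() {  # usage: check_ldap_trust NSS_CONF LIBLDAP_CONF
    nss_ca=$(conf_value "$1" tls_cacertfile)
    lib_ca=$(conf_value "$2" TLS_CACERT)
    lib_req=$(conf_value "$2" TLS_REQCERT)
    if [ -z "$lib_ca" ]; then
        echo "MISSING: $2 has no TLS_CACERT (nss_ldap uses ${nss_ca:-none})"
        return 1
    fi
    if [ "$nss_ca" != "$lib_ca" ]; then
        echo "MISMATCH: nss_ldap=${nss_ca:-none} libldap=$lib_ca"
        return 1
    fi
    case "$lib_req" in
        never|allow)
            echo "WEAK: TLS_REQCERT $lib_req does not enforce verification"
            return 1 ;;
    esac
    echo "OK: both use $lib_ca"
}

# Demo on constructed files; the CA path is a placeholder.
demo() {
    d=$(mktemp -d)
    printf 'tls_checkpeer yes\ntls_cacertfile /etc/ssl/ca.pem\n' > "$d/nss.conf"
    printf '# no TLS settings yet\nBASE dc=example,dc=com\n' > "$d/libldap.conf"
    check_ldap_trust "$d/nss.conf" "$d/libldap.conf" || true
    printf 'TLS_CACERT /etc/ssl/ca.pem\nTLS_REQCERT demand\n' >> "$d/libldap.conf"
    check_ldap_trust "$d/nss.conf" "$d/libldap.conf" || true
    rm -rf "$d"
}
demo
```

On a real host the two arguments would be the nss_ldap file and the file LDAPCONF points to, for instance /etc/ldap.conf and /etc/openldap/ldap.conf as named in the reply.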


