[Samba] [LDAP+SSL+Samba 3.0.2a] pb start tls
SECRET Defense
dj_soldate at hotmail.com
Wed Jun 2 13:10:32 GMT 2004
Hello!
First of all, I run Debian woody (without X). I have an LDAP directory
(with SSL/TLS OK) and PAM_LDAP authentication (login only, I have
no system-auth file) which works with SSL/TLS too.
Now I would like a Samba (3.0.2a) which supports SSL/TLS and LDAP (of
course).
I compiled this version of Samba like this:
./configure --with-ldapsam --prefix=/usr/local/samba --with-ssl
make
make install
No error!
testparm says: no error
But when I try to connect my LDAP user (called testldap) from my Windows machine I get
"the option STARTTLS is not supported " in the log.
So I did: ldd /usr/local/samba/sbin/smbd
and I see libldap, liblber, libpam, etc., but NO libssl... :(
I reconfigured and reinstalled Samba like this:
./configure --with-ldap --prefix=/usr/local/samba -enabled-shared
--with-tdbsam
make
make install
testparm says: unknown option "ldap port"
That's OK because I have not compiled Samba with the option --ldapsam, so I just
commented out this line.
Then I read man smb.conf
and saw this:
default : ldap port = 636 if ldap ssl=on
default : ldap port= 389 if ldap ssl=off
So I put:
ldap ssl=off (then I turn on port 389 - the port of TLS)
ldap ssl= start tls (then I want TLS)
I tried to open a Windows session, and it works!!!!!!!!
Or maybe it seems to work...
I can open a session for the user testldap, and ssldump shows me some
transactions/things on port 389, but (because there is always a BUT) the
debug output of the LDAP server (option -d127) doesn't show me any TLS read or
anything like this, and the password of the admin of the LDAP directory is in
clear...
So does it work or not??
Is there someone who has already managed to do Samba 3.x + LDAP + SSL/TLS???
Is it possible?
So, please can someone help me?? I'm in a training period, and the time is
almost finished...
Thanks
Gabrielle
PS: Debian woody (without X)
openldap 2.1.23
openssl 0.9.7d
samba 3.0.2a
PPS: my smb.conf
[global]
workgroup = GABY
netbios name = TESTG
server string = Samba Server de Gaby
security = user
load printers = yes
printing = cups
log file = /usr/local/samba/var/log.%m
max log size = 1000
socket options = TCP_NODELAY
local master = yes
os level = 255
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
logon drive = Z:
logon home = \\%L\profiles\%U
passdb backend = ldapsam:ldap://svrldap.tzm.fr
ldap suffix = dc=tzm_fr
ldap admin dn = cn=admin,dc=tzm_fr
ldap machine suffix = ou=Computers,dc=tzm_fr
ldap user suffix = ou=People,dc=tzm_fr
ldap ssl = start tls
ldap ssl =off
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = no
writable = no
share modes = no
browseable = no
[Profiles]
path = /home/samba/export/profiles
browseable = no
guest ok = yes
writeable = yes
create mask = 0700
directory mask = 0700
[printers]
comment = All Printers
path = /tmp
browseable = no
guest ok = no
writable = no
printable = yes
[public]
comment = Public Stuff
path = /home/samba/public
public = yes
writable = yes
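
Added example, not part of the original post and not Samba code: the posted smb.conf assigns `ldap ssl` twice in [global], and this sketch resolves which value takes effect and whether TLS is requested for the LDAP bind. It assumes that a later assignment of a parameter overrides an earlier one and that parameter names ignore case and spaces; the function names are hypothetical.

```python
import re

# Constructed sample: the LDAP-related [global] lines as posted in the PPS.
POSTED_CONF = """\
[global]
passdb backend = ldapsam:ldap://svrldap.tzm.fr
ldap admin dn = cn=admin,dc=tzm_fr
ldap ssl = start tls
ldap ssl =off
[homes]
browseable = no
"""

def canon(name):
    # Assumption: parameter names are compared ignoring case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def effective_globals(text):
    """Return (effective values, every assignment in order) for [global]."""
    section, seen = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            seen.setdefault(canon(key), []).append(value.strip())
    # Assumption: the last assignment of a parameter is the one in effect.
    return {k: v[-1] for k, v in seen.items()}, seen

def audit_ldap_transport(text):
    """List findings about how the LDAP bind would travel on the wire."""
    eff, seen = effective_globals(text)
    findings = []
    values = seen.get("ldapssl", [])
    if len(values) > 1:
        findings.append("ldap ssl set %d times; effective value: %r"
                        % (len(values), values[-1]))
    uri = eff.get("passdbbackend", "")
    # Only an explicit off/no is flagged; an absent setting is not judged here.
    if "ldap://" in uri and eff.get("ldapssl", "").lower() in ("off", "no"):
        findings.append("ldap ssl is off on an ldap:// URI: "
                        "no TLS is requested for the bind")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_transport(POSTED_CONF):
        print("FINDING:", finding)
```

With the second `ldap ssl` line removed from the sample, the audit returns no findings.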