[Samba] Re: Fedora and Samba

Jamrock news_jamrock at yahoo.com
Wed May 12 00:43:30 GMT 2004


"Robert" <Robertedstrom at yahoo.com> wrote in message
news:c7r511$nih$1 at sea.gmane.org...
> I forgot to mention something.  The error message I get is
>
> "smbldap_search_suffix: Problem during the LDAP search: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Connect
> error)" with tls support and
>
> "Can't contact LDAP server
>         error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Connection to LDAP Server failed for the 1 try!
> Connection to LDAP Server failed for the 2 try!
> Connection to LDAP Server failed for the 3 try!
> Connection to LDAP Server failed for the 4 try!
> Connection to LDAP Server failed for the 5 try!
> Connection to LDAP Server failed for the 6 try!"
>
> with ssl support turned on.

Do you have OpenSSL properly installed and configured?  It appears as if
Samba is searching for the SSL certificates and is unable to find them.

Make sure that you can use ldapsearch with tls before trying to use Samba
with tls.

Here is a good article on getting OpenLDAP to work with OpenSSL.

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

Basically you need to:

Create the certificate authority
Create the SSL certificates and key
Tell slapd.conf to use tls and where to find the certificates
Tell ldap.conf to use tls and where to find the certificates
Test using the ldapsearch command

>
> "Robert" <Robertedstrom at yahoo.com> wrote in message
> news:c7r4nu$mnc$1 at sea.gmane.org...
> > Hi.  I am trying to get Samba 3.0.4, from tarball, working with Fedora Core
> > 1.  The problem is that I can't get LDAP authentication with either ssl or
> > start_tls support.
> >
> > I tried compiling ldap on a plain install of fedora.  I also tried compiling
> > it after installing openssl-0.9.7d and openldap 2.2.11 clients and libraries
> > from tarball.  My ldap configuration of samba is as follows:
> >
> >         idmap backend           = ldapsam_compat:ldap://ldap.domain.tld
> >         passdb backend          = ldapsam_compat:ldap://ldap.domain.tld
> >         ldap admin dn           = cn=Directory Administrator,ou=Maintenance,o=domain
> >         ldap delete dn          = no
> >         ldap port               = 389
> >         ldap server             = ldap.domain.tld
> >         ldap ssl                = start_tls
> >         ldap suffix             = o=domain
> >
> >         ldap user suffix        = ou=People
> >         ldap group suffix       = ou=Group
> >         ldap machine suffix     = ou=Workstations,ou=People
> >
> > I installed samba 3.0.4, from tarball, on a redhat linux 8.0 box and tls and
> > ssl support works just fine.
> >
> > Is there something that I need to do to get ssl/tls support enabled.  What
> > am I doing wrong?
> >
> > On the subject of compiling.  Is there a way to statically build the samba
> > package and binary programs?  Can someone refer me to a compiling unix
> > programs for dummies?
> >
> > Thanks in advance.
> >
> >
> >
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>
>
>
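
The five steps listed in the reply above, as an added shell example that is not part of the original thread: it builds a throwaway CA and server certificate with the openssl CLI and shows that the same certificate verifies for a client that trusts the issuing CA and fails for one that does not, which is the condition behind "certificate verify failed". The CA names, file names and /path/to/ placeholders are assumptions; ldap.domain.tld and o=domain come from the posted smb.conf.

```sh
#!/bin/sh
# Added example: constructed names and throwaway keys; needs the openssl CLI.

make_ca() {            # $1 = directory, $2 = CA common name (step 1)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # $1 = directory holding ca.key/ca.crt, $2 = host name (step 2)
    # The CN must be the name clients connect to (ldap.domain.tld in the post).
    # -nodes leaves the key unencrypted so slapd can start unattended; chmod 600 it.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/server.crt" 2>/dev/null
}

chain_ok() {           # $1 = CA file the client trusts, $2 = server certificate
    # Match on the ": OK" line rather than the exit status of openssl verify.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

work=$(mktemp -d); other=$(mktemp -d)
if make_ca "$work" "Example Test CA" && make_server_cert "$work" ldap.domain.tld &&
   make_ca "$other" "Unrelated Test CA"; then
    chain_ok "$work/ca.crt" "$work/server.crt" &&
        echo "client that trusts our CA: verify OK"
    chain_ok "$other/ca.crt" "$work/server.crt" ||
        echo "client that lacks our CA: certificate verify failed"
    # Steps 3 and 4: point both sides at the files (paths are placeholders).
    cat <<'EOF'
slapd.conf:  TLSCACertificateFile  /path/to/ca.crt
             TLSCertificateFile    /path/to/server.crt
             TLSCertificateKeyFile /path/to/server.key
ldap.conf:   TLS_CACERT            /path/to/ca.crt
step 5:      ldapsearch -x -ZZ -H ldap://ldap.domain.tld -b o=domain -s base
EOF
fi
rm -rf "$work" "$other"
```

The -ZZ flag makes ldapsearch require a successful StartTLS, so a trust problem shows up there before Samba is involved.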




