[Samba] Samba and slapd.conf's TLSVerifyClient

Doug Campbell doug at bpta.net
Thu Apr 7 03:12:09 GMT 2005

I have Samba 3.0.13 and LDAP 2.2.24 installed.  I have placed the following
directive in my slapd.conf file.

TLSVerifyClient demand

I have the PADL stuff configured and working fine.
ldapsearch with -ZZ works fine.
I even have the Idealx smbldap-tools working fine.

Samba won't work though unless I set

TLSVerifyClient try

According to the slapd.conf man page, "try" causes a client certificate to
be requested.  If no client certificate is returned then the session
proceeds normally.  If a client certificate is returned and it is bad the
session is terminated otherwise it should proceed normally.

This seems to mean that either

1.  Samba doesn't provide a client certificate


2.  Samba is providing a bad client certificate

Either way, my question is where do I specify the client certificate for
Samba to use? or put another way, does Samba even support this?



More information about the samba mailing list