[Samba] TLS question. Does it work?

Peter Nyberg Peter.Nyberg at dbb.su.se
Mon Feb 14 14:24:59 GMT 2005


Hi all!
I'm using Debian Sarge with openldap, samba and TLS. I can't figure out if TLS
works or not so please help me out here. The certificate verification is OK.
I installed the server looking at the howtos on idealx.org.
I can add users, groups and computers to ldap. I've tried with success to add
a computer to the domain. Now to the point.
When I do a test like:
ldapsearch -x -ZZ -D "cn=admin,dc=dbb,dc=su,dc=se" -W -b '' -s base '(objectClass=*)' namingContexts

Everything works only if I have TLSVerifyClient allow or none. If I use
TLSVerifyClient try or demand, it generates a "ldap_bind: Can't contact LDAP
server (81)".

I estimate the server chose not to use TLS at all.

But when I try to make a lookup error in ldap.conf, I change the HOST from
the FQDN to its IP address.

Now if using "TLSVerifyClient allow" I get a certificate error, which should be
correct. This must also mean that ldapsearch reads the correct ldap.conf and
certificate.

I'm very confused here and really need some help.



Peter Nyberg
Institutionen för Biokemi och Biofysik (DBB)
Sv.Arrhenius vägen 12
106 91 Stockholm
Tel: 08-16 24 69
Mobil: 070 339 24 69
Fax 08 153679
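
Added example, not part of the original post: the TLSVerifyClient levels as documented in slapd.conf(5), next to the client-side options from ldap.conf(5) that a server demanding client certificates relies on. All file paths are placeholders, not values from the poster's system.

```conf
# --- Server: slapd.conf (paths are placeholders) ---
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/server-cert.pem
TLSCertificateKeyFile  /path/to/server-key.pem

# TLSVerifyClient controls whether slapd asks the *client* for a certificate:
#   never   no client certificate is requested (default)
#   allow   requested; session continues if none or a bad one is sent
#   try     requested; continues if none is sent, terminated on a bad one
#   demand  requested; terminated if none or a bad one is sent
TLSVerifyClient        demand

# --- Client: per-user ~/.ldaprc (paths are placeholders) ---
# TLS_CERT and TLS_KEY are user-only options: they are ignored in the
# system-wide ldap.conf and must be set in ~/.ldaprc or ./ldaprc.
# The client certificate must chain to a CA the server trusts
# (TLSCACertificateFile above).
TLS_CACERT   /path/to/ca.pem
TLS_REQCERT  demand
TLS_CERT     /path/to/client-cert.pem
TLS_KEY      /path/to/client-key.pem
```

With -ZZ, ldapsearch requires the StartTLS operation to succeed and aborts otherwise, so a search that completes with -ZZ ran over TLS.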