[Samba] Samba + LDAP + TLS

Josh Kelley joshkel at gmail.com
Tue Oct 25 13:23:21 GMT 2005

On 10/24/05, Jukka Hienola <jukka.hienola at helsinki.fi> wrote:
> My question is, how changing "passdb backend" from ldap.server,name to
> can have this effect, since the server name should have been
> resolvable with /etc/hosts file? Does it has something to do with my
> certificate files, which are generated using ldap.server.name? However,
> I was able to login with TLS and Apache, so I don't think that's the case.

Some LDAP clients are more or less forgiving of certificate name
mismatches.  OpenLDAP 2.0.27 will work if the name mismatches;
OpenLDAP 2.2.23 won't; IIRC, pam_ldap won't, even if linked against
OpenLDAP 2.0.27 libraries.  So that may explain why some software
works and some doesn't.

Josh Kelley

More information about the samba mailing list