[Samba] Tell TLS to ignore certs

Chris St. Pierre stpierre at NebrWesleyan.edu
Thu Jan 18 19:28:26 GMT 2007


I'm trying to get Samba to use StartTLS when talking to my LDAP
servers, but I've run into a problem.  We use a round-robin DNS setup
for our LDAP servers, so the certificate name doesn't match the name
Samba is calling them.  This isn't a problem for OpenLDAP/nss_ldap,
because I can specify:

TLS_REQCERT never

...in their various config files.  For Samba I can't seem to find a
parallel configuration option, so I keep getting:

[2007/01/18 11:00:29, 0] lib/smbldap.c:smb_ldap_start_tls(546)
   Failed to issue the StartTLS instruction: Connect error

Is it possible to tell Samba not to check the cert names?  I really
don't care about the identity assurance part of TLS, I just want
encryption.

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
Never send mail to thobrux at nebrwesleyan.edu

