[Samba] Tell TLS to ignore certs
Chris St. Pierre
stpierre at NebrWesleyan.edu
Thu Jan 18 19:28:26 GMT 2007
I'm trying to get Samba to use StartTLS when talking to my LDAP
servers, but I've run into a problem. We use a round-robin DNS setup
for our LDAP servers, so the certificate name doesn't match the name
Samba is calling them. This isn't a problem for OpenLDAP/nss_ldap,
because I can specify:
TLS_REQCERT never
...in their various config files. For Samba I can't seem to find a
parallel configuration option, so I keep getting:
[2007/01/18 11:00:29, 0] lib/smbldap.c:smb_ldap_start_tls(546)
Failed to issue the StartTLS instruction: Connect error
Is it possible to tell Samba not to check the cert names? I really
don't care about the identity assurance part of TLS, I just want
encryption.
Thanks!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
Never send mail to thobrux at nebrwesleyan.edu
More information about the samba
mailing list