[Samba] Samba OpenLDAP TLS

Michael Wood esiotrot at gmail.com
Fri Dec 31 14:50:49 MST 2010


Hi

On 30 December 2010 14:35, Willy Offermans <Willy at offermans.rompen.nl> wrote:
> Dear Samba friends,
>
> I have set up a samba server 3.5 on FreeBSD 8.1-RELEASE-p2 with
> openldap-sasl-server-2.4. I have specified ``TLSVerifyClient demand'' in
> slapd.conf and want to enforce the clients to connect and show a
> valid certificate to the ldap server. As far as I have understood, Samba
> will act as a client as well and in order to access the ldap server it will
> need a client certificate as well. I do know how to generate a client
> certificate, but I do not know where to tell samba to use this
> client certificate. Is this supported by Samba or do I need to lower the
> constraints regarding the TLSVerifyClient? Maybe to ``TLSVerifyClient try''?

Just a guess, but have you tried the TLS_CERT and TLS_KEY options from
the LDAP client config?  They're listed in ldap.conf(5) as "user-only
options", so should be specified in $HOME/.ldaprc or ldaprc in the
current directory.  Not sure where $HOME or the current directory are
for Samba, though, but perhaps that will point you in the right
direction.

Hope that helps.

-- 
Michael Wood <esiotrot at gmail.com>
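
An added example, not part of the message above: a shell check that a per-user ldaprc sets both TLS_CERT and TLS_KEY, that both files are readable, and that the private key is not accessible to group or other. The names ldaprc_get and ldaprc_check are hypothetical, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes paths without whitespace.

# Print the last value set for option $1 (upper case) in ldaprc file $2.
# Option names are case-insensitive; lines starting with '#' are comments.
ldaprc_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == key { val = $2 }
        END { if (val != "") print val }
    ' "$2"
}

# Check the client-certificate settings in ldaprc file $1.
# Returns 0 = ok, 1 = TLS_CERT or TLS_KEY not set,
#         2 = a file is missing or unreadable, 3 = key readable beyond owner.
ldaprc_check() {
    rc_file=$1
    [ -r "$rc_file" ] || { echo "cannot read $rc_file" >&2; return 2; }
    cert=$(ldaprc_get TLS_CERT "$rc_file")
    key=$(ldaprc_get TLS_KEY "$rc_file")
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "$rc_file: TLS_CERT and TLS_KEY must both be set" >&2
        return 1
    fi
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key: private key is accessible to group or other" >&2
        return 3
    fi
    return 0
}

# Usage: sh check_ldaprc.sh /path/to/ldaprc
if [ "$#" -gt 0 ]; then
    ldaprc_check "$1"
fi
```

Run it as the account whose ldaprc is being checked, since readability is tested for the calling user.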

