[Samba] How to samba ldap and ssl

Ander Punnar ander.punnar at gmail.com
Fri Aug 5 03:11:10 MDT 2011

2011/8/4 <samba-request at lists.samba.org>

> I have installed SAMBA + OpenLDAP + TLS successfully with the debian
> packages. There is no need to rebuild openldap from scratch.
> My config :
> Debian Queeze amd64
> OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57)
> Samba v3.5.6
> OpenSSL 0.9.8o 01 Jun 2010


Depends: libgnutls26

When you are trying to do syncrepl with startls or ldaps://
between 2 Debian boxes and use self-signed certs, then it doesn't work.
When you are using LDAP-client compiled with OpenSSL, then it works,
because client tries to verify certs, not server and OpenSSL is more sane
when it
comes to self-signed certs.

Yes, I tried that CA.pl/sh script to create own CA,
debugged with gnutls utils and did lots of other stuff and every time I got
verification errors.

But this problem is OpenLDAP (debian package) related, not Samba.

Sent from my PC.

More information about the samba mailing list