[Samba] Samba StartTLS
zoolook
nbensa at gmail.com
Fri Nov 11 12:23:39 MST 2011
2011/11/11 steve <steve at steve-ss.com>:
> On 11/11/2011 08:31 AM, steve wrote:
>>
>> Hi
>> Scenario:
>> LAN with openSUSE 11.4 Samba and LDAP server. Linux, win-xp and win7
>> clients.
>>
>>
>>
>> Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0]
>> lib/smbldap.c:731(smb_ldap_start_tls)
>> Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS
>> instruction:
>> Connect error
>>
>
> Solved?
> Adding:
>
> TLS_REQCERT never
>
> to
>
> /etc/openldap/ldap.conf
>
> allows Windows to connect to the Samba domain with TLS.
>
> Can anyone comment on the security of this workaround?
> Thanks
Or you can copy your servers' CA to your clients, in this case your
Samba server, and use "TLS_REQCERT hard".
Your solution works, but some other machine can impersonate your LDAP
server and your SMB server will never know the difference.
Regards,
Norberto
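
An added example, not part of either poster's message: a small audit of an OpenLDAP client config for the two settings the thread discusses, TLS_REQCERT and the CA certificate. The function names `ldapconf_get` and `audit_ldap_conf` are hypothetical, and treating the last occurrence of a repeated option as effective is an assumption.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for the two settings
# discussed in the thread (TLS_REQCERT and the CA certificate).
# Assumption: if an option is repeated, the last occurrence is effective.

# ldapconf_get FILE OPTION: print the last value of OPTION (name is case-insensitive).
ldapconf_get() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                 # skip comment lines
        toupper($1) == opt { val = $2 }
        END { print val }
    ' "$1"
}

# audit_ldap_conf FILE
# returns 0: certificate required and a CA is configured
#         1: TLS_REQCERT does not require a valid server certificate
#         2: no TLS_CACERT / TLS_CACERTDIR in this file
#         3: the configured TLS_CACERT file is not readable
audit_ldap_conf() {
    reqcert=$(ldapconf_get "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldapconf_get "$1" TLS_CACERT)
    cadir=$(ldapconf_get "$1" TLS_CACERTDIR)
    [ -n "$reqcert" ] || reqcert=demand     # ldap.conf(5) default

    case $reqcert in
        demand|hard) ;;
        *) echo "FAIL: TLS_REQCERT $reqcert does not require a valid server certificate"
           return 1 ;;
    esac
    if [ -z "$cacert" ] && [ -z "$cadir" ]; then
        echo "FAIL: no TLS_CACERT or TLS_CACERTDIR set in $1"
        return 2
    fi
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT $cacert is not readable"
        return 3
    fi
    echo "OK: TLS_REQCERT $reqcert, CA ${cacert:-$cadir}"
}

# Constructed sample: the workaround from the thread.
tmp=$(mktemp -d)
printf 'TLS_REQCERT never\n' > "$tmp/ldap.conf"
audit_ldap_conf "$tmp/ldap.conf" || true
rm -rf "$tmp"
```

The check reads only the file it is given; a CA set through `~/.ldaprc` or the environment is not seen by it.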