[Samba] Samba StartTLS

zoolook nbensa at gmail.com
Sat Nov 12 10:52:58 MST 2011


2011/11/11 steve <steve at steve-ss.com>:
>  So, On a
> win 7 client, where do I put the CA cert?

You don't :-)

Win will talk to samba. Samba talks to OpenLDAP over a tls connection.

From my experience (since -from my pov- it is not clear in the docs),
Samba needs:

        passdb backend = ldapsam:ldaps://ldap.yourdomain.tld
        ldap ssl = off

Or

        passdb backend = ldapsam:ldap://ldap.yourdomain.tld
        ldap ssl = start tls



BTW, the CN in the certificate must match the ldap uri in smb.conf. In
other words, if your certificate was created using CN=ldap.mydomian,
and you put ldapsam:ldap://localhost in smb.conf, it won't work.

HTH,
Norberto
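
Added example (not part of the original message and not Samba code): a small Python check that reads the [global] section of an smb.conf, verifies that the URI scheme and the "ldap ssl" value form one of the two pairings given in the message above, and compares the URI host with the certificate CN. The function names and sample configs are constructed for illustration; the CN is passed in as a string and compared exactly (no wildcard or subjectAltName handling), and a missing "ldap ssl" line is reported rather than given a default.

```python
from urllib.parse import urlsplit

# Pairings as given in the message: URI scheme -> expected "ldap ssl" value.
PAIRINGS = {"ldaps": "off", "ldap": "start tls"}

def global_params(smb_conf_text):
    """Collect 'key = value' pairs from the [global] section only."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf keys ignore case; collapse runs of spaces as well
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ldap_tls(smb_conf_text, cert_cn):
    """Return a list of problems; an empty list means the settings agree."""
    params = global_params(smb_conf_text)
    backend = params.get("passdb backend", "")
    if not backend.startswith("ldapsam:"):
        return ["passdb backend is not ldapsam"]
    uri = urlsplit(backend[len("ldapsam:"):].strip('"'))
    ldap_ssl = " ".join(params.get("ldap ssl", "").lower().split())
    expected = PAIRINGS.get(uri.scheme)
    problems = []
    if expected is None:
        problems.append(f"unexpected URI scheme {uri.scheme!r}")
    elif ldap_ssl != expected:
        problems.append(
            f"{uri.scheme}:// expects 'ldap ssl = {expected}', found {ldap_ssl!r}")
    if (uri.hostname or "") != cert_cn.lower():
        problems.append(
            f"URI host {uri.hostname!r} does not match certificate CN {cert_cn!r}")
    return problems

# Constructed sample configs. BAD_CONF reproduces the localhost case above.
LDAPS_CONF = "[global]\n  passdb backend = ldapsam:ldaps://ldap.yourdomain.tld\n  ldap ssl = off\n"
STARTTLS_CONF = "[global]\n  passdb backend = ldapsam:ldap://ldap.yourdomain.tld\n  ldap ssl = start tls\n"
BAD_CONF = "[global]\n  passdb backend = ldapsam:ldap://localhost\n  ldap ssl = off\n"

if __name__ == "__main__":
    for name, conf, cn in (("ldaps", LDAPS_CONF, "ldap.yourdomain.tld"),
                           ("starttls", STARTTLS_CONF, "ldap.yourdomain.tld"),
                           ("bad", BAD_CONF, "ldap.mydomian")):
        print(name, check_ldap_tls(conf, cn) or "OK")
```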

