[Samba] Samba StartTLS

zoolook nbensa at gmail.com
Sat Nov 12 13:34:05 MST 2011


Hi Steve,

2011/11/12 steve <steve at steve-ss.com>:

> My smb conf looks like this:
>
> passdb backend =  ldapsam:ldap://hh1.site
> idmap backend = ldap:ldap://hh1.site
> ldap ssl = start tls

Looks right.

>
> hh1.site is my FQDN and is also the CN for the CA and servercerts.
>

Good

> But I'm wondering. Since the samba and ldap servers are both on the same
> box, is that why TLS isn't working?

Nope. But you could disable ssl/tls in that case: "ldap ssl = off"


> Because it doesn't make sense to have
> it?

It doesn't make sense to use ssl/tls connections in your case, but it
is not the cause of your setup not working.


> There is no communication between samba and ldap over the network as
> they are both on the same machine. Would this explain the errors:
>

No

>
> However, they can connect with:
>
> TLS_REQCERT never
> in
> /etc/openldap/ldap.conf

Yes, because you are missing your CA. If you want samba to connect
to openldap over tls/ssl, you need something like this:


TLS_REQCERT hard
TLS_CACERT /path/to/your/ca.crt



>
> Confused!

Basically you either need to disable tls (ldapsam:ldap://.... and ldap
ssl = off) or put your CA in your samba server and tell ldap where to
find it.

Regards,
Norberto

