[Samba] Samba StartTLS [SOLVED]
steve at steve-ss.com
Sat Nov 12 22:55:15 MST 2011
On Saturday 12 Nov 2011 21:34:05 you wrote:
> Hi Steve,
> 2011/11/12 steve <steve at steve-ss.com>:
> > My smb conf looks like this:
> > passdb backend = ldapsam:ldap://hh1.site
> > idmap backend = ldap:ldap://hh1.site
> > ldap ssl = start tls
> Looks right.
> > hh1.site is my FQDN and is also the CN for the CA and servercerts.
> > But I'm wondering. Since the samba and ldap servers are both on the same
> > box, is that why TLS isn't working?
> Nope. But you could disable ssl/tls in that case: "ldap ssl = off"
> > Because it doesn't make sense to have
> > it?
> It doesn't make sense to use ssl/tls connections in your case, but it
> is not the cause your setup is not working.
> > There is no communication between samba and ldap over the network as
> > they are both on the same machine. Would this explain the errors:
> > However, they can connect with:
> > TLS_REQCERT never
> > in
> > /etc/openldap/ldap.conf
> Yes, because you're missing your CA. If you want samba to connect
> to openldap over tls/ssl, you need something like this:
> TLS_REQCERT hard
> TLS_CACERT /path/to/your/ca.crt
> > Confused!
> Basically you either need to disable tls (ldapsam:ldap://.... and ldap
> ssl = off) or put your CA in your samba server and tell ldap where to
> find it.
Noberto, you are magic.
I commented out:
restarted ldap and samba and it connected with STARTTLS!
Thank you so much.
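The distinction the thread turns on, as an added example that is not part of the original posts or of Samba: a small POSIX shell audit of the OpenLDAP client settings that Samba's `ldapsam` backend inherits from `/etc/openldap/ldap.conf`. It flags `TLS_REQCERT never` (the setting that "works" only because the server certificate is never verified) and a `TLS_REQCERT hard` without a readable `TLS_CACERT` (the failing state that started the thread). The file paths, the `ca.crt` name and the three sample configs are constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenLDAP client ldap.conf
# for the weak "TLS_REQCERT never" setting and for a missing TLS_CACERT.
# Paths, the CA file name and the sample configs are assumptions/constructed.

# ldap_conf_get FILE KEYWORD
#   Print the last value given for KEYWORD, skipping comment lines.
#   ldap.conf keywords are case-insensitive, hence toupper().
ldap_conf_get() {
    awk -v key="$2" 'substr($1,1,1) != "#" && toupper($1) == key { v = $2 } END { print v }' "$1"
}

# audit_ldap_conf FILE
#   exit 0: the server certificate must validate against a readable CA file
#   exit 1: verification is disabled (never/allow/try) or no usable CA is set
audit_ldap_conf() {
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    rc=0
    # OpenLDAP's default when TLS_REQCERT is absent is "demand".
    case "${reqcert:-demand}" in
        never|allow|try)
            echo "WEAK: TLS_REQCERT ${reqcert} - the server certificate is not verified"
            rc=1 ;;
        demand|hard)
            echo "OK: TLS_REQCERT ${reqcert:-demand} - server certificate must validate" ;;
        *)
            echo "UNKNOWN: TLS_REQCERT ${reqcert}"
            rc=1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "MISSING: no TLS_CACERT, so a private CA like the one in the thread cannot be trusted"
        rc=1
    elif [ ! -r "$cacert" ]; then
        echo "MISSING: TLS_CACERT $cacert is not readable"
        rc=1
    else
        echo "OK: TLS_CACERT $cacert"
    fi
    return $rc
}

# write_samples
#   Create three constructed ldap.conf files in a temp dir and print its path.
write_samples() {
    dir=$(mktemp -d)
    # Placeholder standing in for the CA certificate (constructed, not a real cert).
    printf 'placeholder CA certificate (constructed)\n' > "$dir/ca.crt"
    # Works, but only because nothing is verified: the TLS_REQCERT never case.
    printf '# OpenLDAP client config (constructed)\nURI ldap://hh1.site\nTLS_REQCERT never\n' > "$dir/weak.conf"
    # hard with no CA: the failing state that started the thread.
    printf 'URI ldap://hh1.site\nTLS_REQCERT hard\n' > "$dir/noca.conf"
    # The recommended state: verify against the CA that signed the server cert.
    printf 'URI ldap://hh1.site\nTLS_REQCERT hard\nTLS_CACERT %s/ca.crt\n' "$dir" > "$dir/fixed.conf"
    echo "$dir"
}

run_demo() {
    d=$(write_samples)
    for f in weak noca fixed; do
        echo "== $f.conf"
        audit_ldap_conf "$d/$f.conf" || true
    done
    rm -rf "$d"
}

run_demo
```

Point the script at the real `/etc/openldap/ldap.conf` (or `/etc/ldap/ldap.conf` on Debian-derived systems) to check a live box; only the `fixed.conf` shape, `TLS_REQCERT hard` plus a `TLS_CACERT` that names the CA which signed the `hh1.site` server certificate, passes.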