[Samba] SSL certificate in SAMBA4 LDAP?

Tim Vangehugten timvangehugten at gmail.com
Fri May 10 05:32:23 MDT 2013


Today I have looked again at the SSL certs from samba and I got them to
work with intermediate certificates. If you want to do this you need to
have the following:

IntermediateCA.crt
Yourdomain.crt
Yourdomain.key
and lastly your Global Root CA.pem (my intermediate CA is AlphaSSL, so this
was GlobalSign_root_CA.pem)

Now copy your IntermediateCA.crt to /usr/local/samba/private/tls/ca.pem and
Yourdomain.key to /usr/local/samba/private/tls/key.pem

The part where it went wrong the first time was the cert.pem, but to make it
work you have to do the following: create the file
/usr/local/samba/private/tls/cert.pem and put at the beginning of the file
the certificate from Yourdomain.crt, followed by the certificate in the file
IntermediateCA.crt, and behind this you have to put your rootCA.pem and then
save the file.

Your cert.pem will look like the following:

-----BEGIN CERTIFICATE-----
Certificate of Yourdomain.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Certificate of IntermediateCA.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Certificate of RootCA.crt (in my case this was GlobalSign_root_CA.pem)
-----END CERTIFICATE-----

Restart samba and you now have your ldap running with a verified
intermediate certificate.



Best Regards
Tim Vangehugten


2013/4/27 Michael Wood <esiotrot at gmail.com>

> On 27 April 2013 10:02, Tim Vangehugten <timvangehugten at gmail.com> wrote:
> > I already put them into /usr/local/samba/private/tls and samba had read them
> > I just get the error that my CA is untrusted  though I got my certificate
> > signed by an intermediate CA. So probably it's somewhere my fault and not
> > related to samba :)
>
> OK, not sure how it works with intermediate CAs.  Maybe you need to
> have both root and intermediate CA certs in ca.pem, but I haven't
> tried it.
>
> > 2013/4/26 Michael Wood <esiotrot at gmail.com>
> >>
> >> On 25 April 2013 15:38, Tim Vangehugten <timvangehugten at gmail.com> wrote:
> >> > Hello,
> >> >
> >> > Is it possible to load my signed certificate into samba4 ldap so the
> >> > samba4 ldap would use it if a client connects to it? And if so, could
> >> > someone provide me with the details on how to do this or point me in
> >> > the right direction?
> >>
> >> Yes.
> >>
> >> Make sure you have the GnuTLS development libraries installed before
> >> compiling Samba.  Then put your CA cert, cert and key in
> >> /usr/local/samba/private/tls.  They should be named ca.pem, cert.pem
> >> and key.pem.
> >>
> >> I think you'll also need a DH params file.
> >>
> >> --
> >> Michael Wood <esiotrot at gmail.com>
> >
> >
>
>
>
> --
> Michael Wood <esiotrot at gmail.com>
>

