[Samba] SSL certificate in SAMBA4 LDAP?

Michael De Groote ict at sint-pietersschool.be
Mon May 13 04:42:34 MDT 2013


Seems like interesting info for the wiki

Michael


2013/5/10 Tim Vangehugten <timvangehugten at gmail.com>

> Today I have looked again at the SSL certs from samba and I got them to
> work with intermediate certificates. If you want to do this you need to
> have the following:
>
> IntermediateCA.crt
> Yourdomain.crt
> Yourdomain.key
> and last your Global Root CA.pem (My intermediate CA is Alphassl so this
> was GlobalSign_root_CA.pem)
>
> Now copy your IntermediateCA.crt to /usr/local/samba/private/tls/ca.pem and
> Yourdomain.key to /usr/local/samba/private/tls/key.pem
>
> The part where it went wrong the first time was the cert.pem, but to make it
> work you have to do the following: create the file
> /usr/local/samba/private/tls/cert.pem and put at the beginning of the file
> the certificate from Yourdomain.crt followed by the certificate in the file
> IntermediateCA.crt and behind this you have to put your rootCA.pem and then
> save the file.
>
> Your cert.pem will look like the following:
>
> -----BEGIN CERTIFICATE-----
> Certificate of Yourdomain.crt
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> Certificate of IntermediateCA.crt
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> Certificate of RootCA.crt  in my case this was GlobalSign_root_CA.pem
> -----END CERTIFICATE-----
>
> Restart samba and you now have your ldap running with a verified
> intermediate certificate.
>
>
>
> Best Regards
> Tim Vangehugten
>
>
> 2013/4/27 Michael Wood <esiotrot at gmail.com>
>
> > On 27 April 2013 10:02, Tim Vangehugten <timvangehugten at gmail.com> wrote:
> > > I already put them into /usr/local/samba/private/tls and samba had read them
> > > I just get the error that my CA is untrusted  though I got my certificate
> > > signed by an intermediate CA. So probably it's somewhere my fault and not
> > > related to samba :)
> >
> > OK, not sure how it works with intermediate CAs.  Maybe you need to
> > have both root and intermediate CA certs in ca.pem, but I haven't
> > tried it.
> >
> > > 2013/4/26 Michael Wood <esiotrot at gmail.com>
> > >>
> > >> On 25 April 2013 15:38, Tim Vangehugten <timvangehugten at gmail.com> wrote:
> > >> > Hello,
> > >> >
> > >> > Is it possible to load my signed certificate into samba4 ldap so the
> > >> > samba4 ldap would use it if a client connects to it? And if so, could
> > >> > someone provide me with the details on how to do this or point me in the
> > >> > right direction?
> > >>
> > >> Yes.
> > >>
> > >> Make sure you have the GnuTLS development libraries installed before
> > >> compiling Samba.  Then put your CA cert, cert and key in
> > >> /usr/local/samba/private/tls.  They should be named ca.pem, cert.pem
> > >> and key.pem.
> > >>
> > >> I think you'll also need a DH params file.
> > >>
> > >> --
> > >> Michael Wood <esiotrot at gmail.com>
> > >
> > >
> >
> >
> >
> > --
> > Michael Wood <esiotrot at gmail.com>
> >



-- 
Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven
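
The cert.pem ordering described in the quoted message (server certificate first, then the intermediate, then the root), as an added example that is not part of the original thread: a Python check that each certificate in the bundle names the next one as its issuer. It compares raw issuer and subject names only and does not verify signatures; the sample certificates and their names are constructed stand-ins.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(cert):
    """Return the raw DER issuer and subject names of one certificate."""
    _, pos, _ = read_tlv(cert, 0)          # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)        # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    pos = end if tag == 0xA0 else pos      # skip the optional version field
    fields = []
    for _field in range(5):                # serial, sigalg, issuer, validity, subject
        _, _, end = read_tlv(cert, pos)
        fields.append(cert[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(pem_text):
    """List ordering problems in a cert.pem bundle (names only, no signatures)."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    problems = [] if names else ["no certificates found"]
    if len(names) > 1 and names[0][0] == names[0][1]:
        problems.append("first certificate is self-signed; the server certificate must come first")
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} was not issued by certificate {i + 2}")
    return problems

def tlv(tag, body):  # encoder for the constructed stand-ins below (not valid certificates)
    return bytes([tag, len(body)]) + body

def fake_pem(issuer, subject):
    issuer, subject = (tlv(0x30, tlv(0x0C, cn.encode())) for cn in (issuer, subject))
    tbs = tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + tlv(0x30, b"") + issuer + tlv(0x30, b"") + subject
    b64 = base64.encodebytes(tlv(0x30, tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

LEAF = fake_pem("Example Intermediate", "dc.example.test")          # constructed
INTERMEDIATE = fake_pem("Example Root", "Example Intermediate")     # constructed
ROOT = fake_pem("Example Root", "Example Root")                     # constructed
```

To check a real file, pass its contents to `check_chain`, for example `check_chain(open("/usr/local/samba/private/tls/cert.pem").read())`; an empty list means the order matches the layout above.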

