[Samba] Is "tls cafile" ignored when ldap.conf is present?
Alex Korobkin
korobkin+smb at gmail.com
Fri May 9 10:17:44 MDT 2014
Hi all,
My CUPS+Samba printserver authenticates to an OpenLDAP server for Linux
clients, and to AD LDAP for Windows clients.
However, OpenLDAP and AD started to use different certificate chains, so I
need to tell Samba to use a different root CA cert when talking to the AD DC.
In ldap.conf I have:
    tls_reqcert demand
    tls_cacert /usr/share/ca-certificates/ca-openldap.crt
In smb.conf I'm trying to add this line to [global]:
    tls cafile = /etc/samba/tls/ca-ad.pem
testparm shows that Samba sees this line:
    Server role: ROLE_DOMAIN_MEMBER
    ldap ssl = start tls
    ldap ssl ads = Yes
    tls cafile = /etc/samba/tls/ca-ad.pem
However, it doesn't seem to have any effect. Samba still tries to
communicate with AD using ca-openldap.crt.
What am I doing wrong here?
It's Samba 4.1.7 compiled with gnutls support on Ubuntu 12.04.
--
-Alex