[Samba] LDAPS on DC

Fred Smith fs582087 at gmail.com
Mon Apr 20 00:17:35 MDT 2015


> Does the OpenSSL test connect, and if so with what result?
>
>   openssl s_client -showcerts -connect DC.EXAMPLE.COM:636

That seems to work, output below.

openssl s_client -showcerts -connect dc:636

CONNECTED(00000003)
depth=0 O = Samba Administration, OU = Samba - temporary autogenerated
certificate, CN = DC.samdom.example.org
verify error:num=18:self signed certificate
verify return:1
depth=0 O = Samba Administration, OU = Samba - temporary autogenerated
certificate, CN = DC.samdom.example.org
verify return:1
---
Certificate chain
 0 s:/O=Samba Administration/OU=Samba - temporary autogenerated
certificate/CN=DC.samdom.example.org
   i:/O=Samba Administration/OU=Samba - temporary autogenerated
certificate/CN=DC.samdom.example.org
-----BEGIN CERTIFICATE-----
-removed-
-----END CERTIFICATE-----
---
Server certificate
subject=/O=Samba Administration/OU=Samba - temporary autogenerated
certificate/CN=DC.samdom.example.org
issuer=/O=Samba Administration/OU=Samba - temporary autogenerated
certificate/CN=DC.samdom.example.org
---
Acceptable client certificate CA names
/O=Samba Administration/OU=Samba - temporary autogenerated
certificate/CN=DC.samdom.example.org
/O=Samba Administration/OU=Samba - temporary autogenerated
certificate/CN=DC.samdom.example.org
---
SSL handshake has read 1662 bytes and written 547 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-SHA256
    Session-ID: -removed-
    Session-ID-ctx:
    Master-Key: -removed-
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1429510401
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
^C

