[Samba] SSL Certificate

Carlos A. P. Cunha carlos.hollow at gmail.com
Wed Jan 11 17:14:23 UTC 2017


Taking advantage of the email, I tried to make an ldap query with tls 
and I had an error ..

Version Samba 4.4.4

samba-tool testparm -v --suppress-prompt|grep tls
         ldap ssl = start tls
         tls cafile = tls/ca.pem
         tls certfile = tls/cert.pem
         tls crlfile =
         tls dh params file =
         tls enabled = Yes
         tls keyfile = tls/key.pem
         tls priority = NORMAL:-VERS-SSL3.0
         tls verify peer = as_strict_as_possible

ldapsearch -U USER -h ldaps://localhost -p636  -w PASS -b 
dc=internal,dc=test,dc=com,dc=br -s sub '(objectClass=user)' givenName 
-LLL -n -N -Z
ldap_start_tls: Connect error (-11)
         additional info: (unknown error code)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
         additional info: (unknown error code)

What would be wrong?

Em 11-01-2017 14:39, Rowland Penny via samba escreveu:
> On Wed, 11 Jan 2017 11:09:15 -0500
> Matthew Daubenspeck via samba <samba at lists.samba.org> wrote:
>> I'm using a Samba4 ADDC and just noticed that the SSL that was created
>> at install time is about to expire. Is there something Samba specific
>> to create a new certificate, or should I manually create a new one
>> using openssl?
>> Thanks!
> Have a look here:
> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC
> Rowland

More information about the samba mailing list