[Samba] SSL Certificate

Vinicius Bones Silva vbs at e-trust.com.br
Wed Jan 11 20:54:21 UTC 2017 

you also forgot to use -x for a simple bind

Em 11/01/2017 15:14, Carlos A. P. Cunha via samba escreveu:
> Hello!
>
> Taking advantage of the email, I tried to make an ldap query with tls and I had an error ..
>
> Version Samba 4.4.4
>
> samba-tool testparm -v --suppress-prompt|grep tls
>         ldap ssl = start tls
>         tls cafile = tls/ca.pem
>         tls certfile = tls/cert.pem
>         tls crlfile =
>         tls dh params file =
>         tls enabled = Yes
>         tls keyfile = tls/key.pem
>         tls priority = NORMAL:-VERS-SSL3.0
>         tls verify peer = as_strict_as_possible
>
>
> ldapsearch -U USER -h ldaps://localhost -p636  -w PASS -b 
> dc=internal,dc=test,dc=com,dc=br -s sub '(objectClass=user)' givenName -LLL -n -N -Z
> ldap_start_tls: Connect error (-11)
>         additional info: (unknown error code)
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>         additional info: (unknown error code)
>
>
> What would be wrong?
>
>
>
> Em 11-01-2017 14:39, Rowland Penny via samba escreveu:
>> On Wed, 11 Jan 2017 11:09:15 -0500
>> Matthew Daubenspeck via samba <samba at lists.samba.org> wrote:
>>
>>> I'm using a Samba4 ADDC and just noticed that the SSL that was created
>>> at install time is about to expire. Is there something Samba specific
>>> to create a new certificate, or should I manually create a new one
>>> using openssl?
>>>
>>> Thanks!
>>>
>> Have a look here:
>> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC
>>
>> Rowland
>>
>

-- 

	
Vinicius Silva
SOC


BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva

	







	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>


Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta 
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com 
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a 
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou 
informações contidas nesta mensagem não necessariamente refletem a posição oficial da 
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada 
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the 
intended recipients only. If you are not an intended recipient then you should not 
disseminate, copy, or take any action based on its contents. If you have received this 
message in error then please notify E-TRUST by sending an e-mail message to 
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not 
necessarily reflect the position of E-TRUST. If this message is digitally signed, its 
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at 
www.e-trust.com.br.

More information about the samba mailing list