[Samba] SSL Certificate
Vinicius Bones Silva
vbs at e-trust.com.br
Wed Jan 11 20:54:21 UTC 2017
you also forgot to use -x for a simple bind
Em 11/01/2017 15:14, Carlos A. P. Cunha via samba escreveu:
> Hello!
>
> Taking advantage of the email, I tried to make an ldap query with tls and I had an error ..
>
> Version Samba 4.4.4
>
> samba-tool testparm -v --suppress-prompt|grep tls
> ldap ssl = start tls
> tls cafile = tls/ca.pem
> tls certfile = tls/cert.pem
> tls crlfile =
> tls dh params file =
> tls enabled = Yes
> tls keyfile = tls/key.pem
> tls priority = NORMAL:-VERS-SSL3.0
> tls verify peer = as_strict_as_possible
>
>
> ldapsearch -U USER -h ldaps://localhost -p636 -w PASS -b
> dc=internal,dc=test,dc=com,dc=br -s sub '(objectClass=user)' givenName -LLL -n -N -Z
> ldap_start_tls: Connect error (-11)
> additional info: (unknown error code)
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> additional info: (unknown error code)
>
>
> What would be wrong?
>
>
>
> Em 11-01-2017 14:39, Rowland Penny via samba escreveu:
>> On Wed, 11 Jan 2017 11:09:15 -0500
>> Matthew Daubenspeck via samba <samba at lists.samba.org> wrote:
>>
>>> I'm using a Samba4 ADDC and just noticed that the SSL that was created
>>> at install time is about to expire. Is there something Samba specific
>>> to create a new certificate, or should I manually create a new one
>>> using openssl?
>>>
>>> Thanks!
>>>
>> Have a look here:
>> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC
>>
>> Rowland
>>
>
--
Vinicius Silva
SOC
BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva
Smiley face
www.e-trust.com.br <http://www.e-trust.com.br/>
Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou
informações contidas nesta mensagem não necessariamente refletem a posição oficial da
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.
This message may contain privileged and confidential information for the use of the
intended recipients only. If you are not an intended recipient then you should not
disseminate, copy, or take any action based on its contents. If you have received this
message in error then please notify E-TRUST by sending an e-mail message to
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not
necessarily reflect the position of E-TRUST. If this message is digitally signed, its
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at
www.e-trust.com.br.
More information about the samba
mailing list