[Samba] Possible incorrect file permissions in documentation for setting up Samba with LDAP(S)?
stephen at ogdenradar.com
Tue Apr 9 10:54:23 UTC 2019
This Samba release changelog
specifically mentions a security issue and that that the multiple *.pem
files needed for LDAP via TLS all need "special permissions" - and
mentions to delete old files without the required permissions to force
Yet in the official Samba documentation for setting up LDAPS here
it says only to set these special permissions on ONE of the generated
certificate *.pem files - the private key file. Is this definitely
correct? Should we not set root owner on the additional cert.pem and
I ask because I wanted to flag this. It seems like a contradiction and I
am concerned this might lead to insecure by default setups...
More information about the samba