[Samba] Possible incorrect file permissions in documentation for setting up Samba with LDAP(S)?

Stephen stephen at ogdenradar.com
Tue Apr 9 10:54:23 UTC 2019

Hi All,

This Samba release changelog 
specifically mentions a security issue and that the multiple *.pem 
files needed for LDAP via TLS all need "special permissions" - and 
mentions to delete old files without the required permissions to force 
file renewal.

Yet in the official Samba documentation for setting up LDAPS here 
it says only to set these special permissions on ONE of the generated 
certificate *.pem files - the private key file. Is this definitely 
correct? Should we not set root owner on the additional cert.pem and 
ca.pem too?

I ask because I wanted to flag this. It seems like a contradiction and I 
am concerned this might lead to insecure-by-default setups...

Stephen Ellwood
