similar to: tls verify peer with custom self-signed certificate

On 4/17/2018 3:56 AM, Marco Gaiarin via samba wrote: > Mandi! lingpanda101 via samba > In chel di` si favelave... > >>     When using a custom self-signed certificate, what is the appropriate >> value for 'tls verify peer ='? > ...AFAIk the same for every certificates; the CA's certificates have to > be in ''central store'', or have to be

Hi people, i have a problem with trying ldaps i use autogenerated self-signed certificate, i write in smb this: tls enabled = yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem without cafile when i try to verify with: openssl verify /usr/local/samba/private/tls/myCert.pem it said me unable to verify the first certificate and if add -CApath works! and finally when i try from another

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

Hi everyone, I have a basic SAMBA setup with a main AD DC ad1 and a backup AD DC ad2, running on Samba 4.5.16-Debian on Raspbian. I would now like to enable LDAPS so my users can authenticate in other non Samba services using Active Directory. From reading the documentation here: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC I understand that for the most

On 7/5/19 9:32 PM, John Runyon wrote: > On Fri, 5 Jul 2019 at 14:28, hw <hw at gc-24.de <mailto:hw at gc-24.de>> wrote: > > I thought about that and checked the configuration I've been using to > create the certificate, and I can't see anywhere that it would expire > earlier than after 3650 days.  Is there another way to check this? > >

You missing or : Smb.conf tls cafile = tls/ca.pem And/or ( showing the Debian steps ), the CA is missing in ca-certifcates.crt In : /etc/ldap/ldap.conf TLS_CACERT /etc/ssl/certs/ca-certificates.crt Steps todo. mkdir /usr/local/share/ca-certificates/personal-cert Put the root in that folder. Run : update-ca-certificates You need to install ca-certificates first. apt install

On 7/5/19 9:22 PM, Steve Murphy wrote: > hw-- > > I see this kind of behavior when the certificate expires... you've > probably checked this, but sometimes we > miss little details like that. I thought about that and checked the configuration I've been using to create the certificate, and I can't see anywhere that it would expire earlier than after 3650 days. Is

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong

Hi, I found the following error message in the log.samba: [2020/04/20 16:32:33.168921, 1] ../../librpc/rpc/dcerpc_util.c:373(dcerpc_pull_auth_trailer) ../../librpc/rpc/dcerpc_util.c:373: ERROR: pad length mismatch. Calculated 44 got 0 It happens on all nodes on different times, but unfortunately I have no specific situation or action which causes this. We are currently using Samba version

Am 16. Juni 2019 um 15:53 Uhr +0300 schrieb Aki Tuomi via dovecot: > You will save yourself from world of hurt if you use a dummy ca to sign > you smartcard cert. You can try without generating a CRL. I see. I've done that now, but the effort required seems to be disproportionate. I'm just a single person. Requiring a full-blown CA setup is like cracking breakfast eggs with a

On Wed, 9 Aug 2017 08:39:30 -0700 Gregory Sloop <gregs at sloop.net> wrote: > AV> So i?m using dovecot, and i created a self signed certificate > AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches > AV> my mail server. > > AV> The first time it connects in mac mail however, it says the > AV> certificate is invalid and another

Hello, Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04. After recent update, winbind failed to update, until I disabled it (it didn't start anyway). When run as # winbindd -d 9 -i it prints in the end: server role = 'active directory domain controller' not compatible with running the winbindd binary. You should start 'samba' instead, and it will control

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

L.P.H. van Belle via samba писал 2018-12-04 15:59: > Hai, > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Konstantin Boyandin via samba >> Verzonden: dinsdag 4 december 2018 6:35 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] WinbinD no longer available in Samba 4.7.6 >> >>

Rowland Penny via samba писал 2018-12-04 17:17: > On Tue, 04 Dec 2018 16:45:43 +0700 > Konstantin Boyandin via samba <samba at lists.samba.org> wrote: > >> >> Are there possibly missing some winbind settings (the smb.conf has >> been generated by domain upgrade process). >> > > Sorry, but I do not believe that is true: True. The configuration

I have looked at let's encrypt. Key issue for me is having to add a lot python stuff that would otherwise not be on any server. Again, All CA's like "Let's Encrypt" - and others that are accepted by the "majors", e.g., Windows, Mozilla make it much easier for the "random" user to use anything you protect with SSL (better TLS) without them having to

On Mon, Jul 20, 2015 at 05:39:17PM +0530, Dhaval_Shah1@dell.com wrote: > Dell Customer Communication > > Hi everyone, > > I am trying to do a virsh using TLS Certificate. I am getting an error that "error: authentication failed: Failed to verify peer's certificate" > I am following the steps mentioned in the http://wiki.libvirt.org/page/TLSSetup > I have

Hello, I just configured a three-site DCs setup with Samba 4.6.0, and replication worked great. But then I added a custom cert to one of the DCs to authenticate various apps against it. I used this wiki https://wiki.samba.org/index. php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Now I can authenticate my apps over LDAPS against my DC, but broke replication. How do I need to configure

Well, If you running with bind9_DLZ, you also should enable it. Based on what i see below, its not enable, you installed it your not done yet. ;-) Verify the settings ( debianize the paths ) https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End Then then its all done, reboot the server. Run this script, anonimized it and post the content to the list. Then i know all i want to know.

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 16 June 2019 15:47 Marvin Gülker via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>