how to set up a file server with samba 3.5 and openldap with ssl support in debian. thanks
On 02.08.2011 23:37, Eliano Le?o wrote:
> how to set up a file server with samba 3.5 and openldap with ssl
> support in debian.
>
> thanks

hi,

http://wiki.debian.org/LDAP/OpenLDAPSetup

cheers
juergen
> in debian.

Since slapd is compiled with GnuTLS in Debian, you will run into problems (I did):
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

I recompiled the Debian openldap source package with openssl.

# apt-get build-dep openldap
# apt-get source openldap
# apt-get install libssl-dev

cd to openldap source dir
edit debian/configure.options
find "--with-tls", and change it to "--with-tls=openssl".

# dpkg-buildpackage -us -uc

And then you need self-signed certs and two lines in your slapd.conf.

Note: I haven't actually installed the recompiled packages yet, so I don't know if it helps. But if you try it, please let me know :)

--
Sent from my PC.
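The rebuild steps from the message above, written as a script; this is an added example and not part of the original thread. The function names and the `--build` switch are assumptions of this example, and `tls_library` is an extra check for confirming which TLS library the installed slapd actually links.

```shell
#!/bin/sh
# Added example, not from the thread: scripted form of the rebuild steps.

# set_tls_backend SRC_DIR
# Rewrite "--with-tls" or "--with-tls=<value>" in debian/configure.options to
# "--with-tls=openssl". Returns 2 if the file is missing and 3 if no --with-tls
# option is present, so a changed packaging layout stops the build instead of
# silently producing another GnuTLS-linked slapd.
set_tls_backend() {
    opts="$1/debian/configure.options"
    pat='--with-tls(=[^[:space:]]*)?([[:space:]]|$)'
    [ -f "$opts" ] || { echo "missing: $opts" >&2; return 2; }
    grep -Eq -e "$pat" "$opts" || { echo "no --with-tls in $opts" >&2; return 3; }
    # Keep the packaged file as configure.options.orig for comparison.
    sed -E -i.orig "s/$pat/--with-tls=openssl\\2/" "$opts"
}

# rebuild_openldap: the full sequence from the post; run as root on a build host.
rebuild_openldap() {
    apt-get build-dep openldap || return 1
    apt-get source openldap || return 1
    apt-get install libssl-dev || return 1
    # apt-get source unpacks into ./openldap-<version>/
    src=$(find . -maxdepth 1 -type d -name 'openldap-*' | head -n 1)
    [ -n "$src" ] || { echo "openldap source dir not found" >&2; return 1; }
    set_tls_backend "$src" || return 1
    (cd "$src" && dpkg-buildpackage -us -uc)
}

# tls_library BINARY: print the TLS libraries a binary links, e.g. the
# installed slapd, to confirm the rebuilt package is the one in use.
tls_library() {
    ldd "$1" | grep -Eo 'lib(ssl|gnutls)[^ ]*' | sort -u
}

# "--build" is this example's own switch; without it only the functions load.
if [ "${1:-}" = "--build" ]; then
    rebuild_openldap
fi
```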
2011/8/4 <samba-request at lists.samba.org>
> I have installed SAMBA + OpenLDAP + TLS successfully with the debian
> packages. There is no need to rebuild openldap from scratch.
> My config :
>
> Debian Squeeze amd64
> OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57)
> Samba v3.5.6
> OpenSSL 0.9.8o 01 Jun 2010
>

http://packages.debian.org/squeeze/slapd
Depends: libgnutls26

When you are trying to do syncrepl with StartTLS or ldaps:// between 2 Debian boxes and use self-signed certs, then it doesn't work. When you are using an LDAP client compiled with OpenSSL, then it works, because the client tries to verify certs, not the server, and OpenSSL is more sane when it comes to self-signed certs.

Yes, I tried that CA.pl/sh script to create my own CA, debugged with gnutls utils and did lots of other stuff, and every time I got verification errors.

But this problem is OpenLDAP (debian package) related, not Samba.

--
Sent from my PC.