How do I get samba to accept a self signed certificate from my ldap server?

I have a self signed CA that created a certificate for my ldap server. I've added the CA to the openssl framework:

<ssl-base>certs/ca.pem and
<ssl-base>certs/<ca hash>.0.pem

Yet I still get errors from samba 3.0.2. Is it not possible?

If I add in SSLeay libraries will that sort it? I believed that these were only used if requiring clients to use ssl to talk to the samba server.

Any thoughts would be great.

Cheers
--
Martin Ritchie
the Kelvin Institute
50, George Street
Glasgow
Scotland, UK
G1 1QE
www.kelvininstitute.com
+44 (0) 141 548 5719

Gerald (Jerry) Carter
2004-Feb-10 16:06 UTC
[Samba] Self Signed SSL Certificate from ldap server
Martin Ritchie wrote:
|
| How do I get samba to accept a self signed certificate
| from my ldap server?

You need the openldap client libs to accept the cert.
See the howto at

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

cheers, jerry

Gerald (Jerry) Carter wrote:
> Martin Ritchie wrote:
> |
> | How do I get samba to accept a self signed certificate
> | from my ldap server?
>
> You need the openldap client libs to accept the cert.
> See the howto at
>
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

I had the client libs set up to be the default, i.e. tls_checkpeer was set to no. This worked fine for the nss_ldap client. I changed this to yes and gave the tls_cacertfile the ca file and things still worked for nss_ldap.

However, I still get the same problem with samba. Am I doing something wrong?

While I know this seems to have more of an LDAP focus, I believe the problem is elsewhere. nss_ldap and pam_ldap both work fine with the /etc/ldap.conf settings, yet samba 3.0.2 still gives a certificate error:

    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Does someone have an ldap/samba setup using SSL rather than TLS with self-signed certs?

Cheers
--
Martin Ritchie
the Kelvin Institute
50, George Street
Glasgow
Scotland, UK
G1 1QE
www.kelvininstitute.com
+44 (0) 141 548 5719