I'm having trouble getting TLS working. It used to work until I changed the smb.conf file to point to a different host. I think I have tracked it down to the LDAP server's SSL cert issuer (CA).

I keep getting errors like "self signed certificate in certificate chain" while using openssl commands or an ldapsearch w/ TLS and debug mode.

So my question is... Where can I put a copy of my CA's cert? Everything works fine with the openssl command when I throw it a file with the CA certs in it. What does samba/ldap use? Do I need to put it in the openssl stuff? Any help is appreciated.
For openldap it is (usually) specified in /usr/local/openldap/etc/openldap/ldap.conf

WATCH OUT: if you have the padl stuff installed there are (usually) 2 ldap.conf files, one for openldap and 1 for padl. These have very different syntaxes. You can use the following command to see which file is being used by openldap:

# strace ldapsearch -x -D 'cn=manager,dc=example,dc=com' -b 'ou=people,dc=example,dc=com' -w secret 2>&1 | grep ldap.conf

I believe that the config file directive is:

TLS_CACERT /path/to/ca/cert.pem

Jeff Saxton
Sr. Support Engineer
Addamark Technologies, Inc.
http://www.addamark.com
mailto:support@addamark.com
CELL: +1 415-640-6392

-----Original Message-----
From: samba-bounces+jeff.saxton=addamark.com@lists.samba.org [mailto:samba-bounces+jeff.saxton=addamark.com@lists.samba.org] On Behalf Of moof48@temple.edu
Sent: Monday, August 30, 2004 11:38 AM
To: samba@lists.samba.org
Subject: [Samba] start tls problem

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
I don't use the openldap service so I don't think setting it here would matter. Only the libraries. My Sun One systems are on other boxes. Anyone else know where to put this CA cert for when samba uses TLS?

---- Original message ----
Date: Mon, 30 Aug 2004 11:48:10 -0700
From: "Jeff Saxton" <jsaxton@addamark.com>
Subject: RE: [Samba] start tls problem
To: <samba@lists.samba.org>
Cc: <moof48@temple.edu>
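The TLS_CACERT lookup suggested in the reply above, as an added example that is not part of the original thread: it reads the CA path out of an ldap.conf and verifies a server certificate against that same file. The function names and sample paths are constructed, `tls_cacertfile` is the padl (nss_ldap/pam_ldap) keyword and does not appear in the thread, and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example; function names and sample paths are constructed.

# Print the CA file named in an ldap.conf-style file. Matches OpenLDAP's
# TLS_CACERT and padl's tls_cacertfile (nss_ldap/pam_ldap keyword, not from
# the thread), case-insensitively, skipping comments; the last match is
# reported. Assumes the path contains no spaces.
ldap_cacert_from_conf() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "tls_cacert" || key == "tls_cacertfile" { path = $2 }
        END { if (path == "") exit 1; print path }
    ' "$1"
}

# Check a PEM server certificate against the CA that the config names.
# Returns 0 = chain validates, 1 = verification failed,
#         2 = config has no CA directive or the CA file is unreadable.
check_ldap_ca() {
    conf=$1
    cert=$2
    ca=$(ldap_cacert_from_conf "$conf") || {
        echo "no TLS_CACERT/tls_cacertfile in $conf" >&2
        return 2
    }
    [ -r "$ca" ] || { echo "CA file $ca is not readable" >&2; return 2; }
    # -CAfile points openssl at the same CA file the LDAP client library
    # is configured with, so both tools are tested against one trust anchor.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
}

# Constructed sample config: one commented-out entry, one live directive.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# TLS_CACERT /old/ca.pem
BASE dc=example,dc=com
TLS_CACERT /path/to/ca/cert.pem
EOF
echo "CA file in use: $(ldap_cacert_from_conf "$demo_conf")"
rm -f "$demo_conf"
```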