Good morning all,

I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0 directory. I then enabled TLS between Samba and OpenLDAP.

The following tests succeeded:
s_server to s_client --> OK
slapd to s_client --> OK
slapd to OpenLDAP client commands (ldapsearch..) --> OK

The problem is the following: when I start Samba (service smb start), slapd output returns:

    TLS trace: SSL_accept:SSLv3 flush data
    tls_read: want=5, got=5
      0000:  15 03 01 00 02                                     .....
    tls_read: want=2, got=2
      0000:  02 30                                              .0
    TLS trace: SSL3 alert read:fatal:unknown CA
    TLS trace: SSL_accept:failed in SSLv3 read client certificate A
    TLS: can't accept.
    TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1052
    connection_read(14): TLS accept error error=-1 id=2, closing
    connection_closing: readying conn=2 sd=14 for close

May anyone tell me what is going wrong?

Thank you
Have you set:

TLS_CACERT in the ldap.conf of OpenLDAP (not /etc/ldap.conf)?

The common name in the certificate, is it a resolvable host name?

-----------------------------------
Stéphane PURNELLE stephane.purnelle@corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467

samba-bounces+stephane.purnelle=corman.be@lists.samba.org wrote on 27/07/2005 11:02:58:

> Good morning all,
>
> I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0
> directory. I then enabled TLS between Samba and
> OpenLDAP.
>
> The following tests succeeded:
> s_server to s_client --> OK
> slapd to s_client --> OK
> slapd to OpenLDAP client commands (ldapsearch..)
> --> OK
>
> The problem is the following: when I start Samba
> (service smb start), slapd output returns:
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5
> 0000: 15 03 01 00 02
> .....
> tls_read: want=2, got=2
> 0000: 02 30
> .0
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client
> certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:1052
> connection_read(14): TLS accept error error=-1 id=2,
> closing
> connection_closing: readying conn=2 sd=14 for close
>
>
> May anyone tell me what is going wrong?
>
> Thank you
Bahya NASSR EDDINE
2005-Jul-27 09:15 UTC
RE [Samba] TLS connections between Samba&OpenLDAP
> Have you set :
>
> TLS_CACERT ldap.conf of openldap (not
> /etc/ldap.conf)

No! I set it in /etc/ldap.conf.

> The common name in certificate, is it a host name
> resolvable ?

Yes, it is.
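
The two tls_read hex dumps in the slapd trace from the first message are a single TLS alert record: a 5-byte record header followed by a 2-byte alert body. The decoder below is an added example, not part of the original thread or of Samba/OpenLDAP; the function name parse_alert_record is hypothetical, and the alert numbers are the ones defined in the TLS specification (RFC 5246, section 7.2). Because slapd logs the alert as read, it was sent by the connecting client, which means the client side could not chain slapd's certificate to a CA it trusts.

```python
# Added example: decode the plaintext TLS alert record seen in the slapd trace.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}


def parse_alert_record(header_hex: str, body_hex: str) -> dict:
    """Decode a record header (5 bytes) and alert body (2 bytes) given as hex."""
    header = bytes.fromhex(header_hex)   # whitespace between bytes is accepted
    body = bytes.fromhex(body_hex)
    if len(header) != 5:
        raise ValueError("a TLS record header is exactly 5 bytes")
    ctype, major, minor = header[0], header[1], header[2]
    length = int.from_bytes(header[3:5], "big")
    if CONTENT_TYPES.get(ctype) != "alert":
        raise ValueError(f"not an alert record (content type {ctype})")
    if length != len(body):
        raise ValueError("body length does not match the record header")
    if length != 2:
        # Alerts sent after ChangeCipherSpec are encrypted and longer than 2 bytes.
        raise ValueError("not a plaintext alert; cannot decode without keys")
    level, description = body
    return {
        "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
        "level": ALERT_LEVELS.get(level, f"unknown ({level})"),
        "description": ALERT_DESCRIPTIONS.get(description,
                                              f"unknown ({description})"),
    }


if __name__ == "__main__":
    # Bytes copied from the trace in the first message of the thread.
    print(parse_alert_record("15 03 01 00 02", "02 30"))
```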