Good morning all,
I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0
directory. I then enabled TLS between Samba and
OpenLDAP.
The following tests succeeded:
s_server to s_client --> OK
slapd to s_client --> OK
slapd to OpenLDAP client commands (ldapsearch..)
--> OK
The problem is the following: when I start Samba
(service smb start), slapd output returns:
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5
0000: 15 03 01 00 02
.....
tls_read: want=2, got=2
0000: 02 30
.0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client
certificate A
TLS: can't accept.
TLS: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:1052
connection_read(14): TLS accept error error=-1 id=2,
closing
connection_closing: readying conn=2 sd=14 for close
May anyone tell me what is going wrong?
Thank you
Have you set:

TLS_CACERT in ldap.conf of openldap (not /etc/ldap.conf)

The common name in the certificate, is it a resolvable host name?

-----------------------------------
Stéphane PURNELLE stephane.purnelle@corman.be
Service Informatique Corman S.A.
Tel : 00 32 087/342467

samba-bounces+stephane.purnelle=corman.be@lists.samba.org wrote on 27/07/2005 11:02:58:

> Good morning all,
>
> I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0
> directory. I then enabled TLS between Samba and
> OpenLDAP.
>
> The following tests succeeded:
> s_server to s_client --> OK
> slapd to s_client --> OK
> slapd to OpenLDAP client commands (ldapsearch..)
> --> OK
>
> The problem is the following: when I start Samba
> (service smb start), slapd output returns:
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5
> 0000: 15 03 01 00 02
> .....
> tls_read: want=2, got=2
> 0000: 02 30
> .0
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client
> certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:1052
> connection_read(14): TLS accept error error=-1 id=2,
> closing
> connection_closing: readying conn=2 sd=14 for close
>
> May anyone tell me what is going wrong?
>
> Thank you
Bahya NASSR EDDINE
2005-Jul-27 09:15 UTC
RE [Samba] TLS connections between Samba&OpenLDAP
> Have you set:
>
> TLS_CACERT in ldap.conf of openldap (not
> /etc/ldap.conf)

No! I set it in /etc/ldap.conf.

> The common name in the certificate, is it a resolvable
> host name?

Yes, it is.
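
The two hex dumps in the slapd trace from the first message are a complete TLS alert record. The following added example (not code from the thread or from Samba/OpenLDAP) decodes them. Because slapd logs the alert as "read", it was sent by the connecting client, which is the side that could not match slapd's certificate chain to a trusted CA. The function and table names are this example's own, and the description table is a subset of the standard TLS alert codes.

```python
# Added example: decode a plaintext TLS alert record from slapd's hex trace.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the standard TLS alert descriptions (RFC 5246, section 7.2).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    80: "internal_error",
}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
CONTENT_TYPE_ALERT = 21  # 0x15


def parse_hex(dump):
    """Convert a trace line such as '15 03 01 00 02' to bytes."""
    return bytes.fromhex("".join(dump.split()))


def decode_alert(header, body):
    """Decode a 5-byte record header plus a 2-byte plaintext alert body."""
    if len(header) != 5:
        raise ValueError("a TLS record header is exactly 5 bytes")
    content_type, major, minor = header[0], header[1], header[2]
    length = int.from_bytes(header[3:5], "big")
    if content_type != CONTENT_TYPE_ALERT:
        raise ValueError("not an alert record (content type %d)" % content_type)
    # An alert sent after ChangeCipherSpec is encrypted and longer than 2 bytes;
    # its level and description cannot be read from the wire.
    if length != 2 or len(body) != 2:
        raise ValueError("not a plaintext alert (length %d)" % length)
    level, code = body[0], body[1]
    return {
        "version": VERSIONS.get((major, minor), "unknown (%d.%d)" % (major, minor)),
        "level": ALERT_LEVELS.get(level, "unknown (%d)" % level),
        "code": code,
        "description": ALERT_DESCRIPTIONS.get(code, "unknown (%d)" % code),
    }


def decode_thread_trace():
    """Decode the two dumps quoted in the first message of this thread."""
    return decode_alert(parse_hex("15 03 01 00 02"), parse_hex("02 30"))


if __name__ == "__main__":
    print(decode_thread_trace())
```
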