Alex Korobkin
2014-May-09 16:17 UTC
[Samba] Is "tls cafile" ignored when ldap.conf is present?
Hi all,

My CUPS+Samba printserver authenticates to an OpenLDAP server for Linux clients, and to AD LDAP for Windows clients. However, OpenLDAP and AD started to use different certificate chains, so I need to tell Samba to use a different root CA cert when talking to the AD DC.

In ldap.conf I have

    tls_reqcert demand
    tls_cacert /usr/share/ca-certificates/ca-openldap.crt

In smb.conf I'm trying to add this line to [global]:

    tls cafile = /etc/samba/tls/ca-ad.pem

testparm shows that Samba sees this line:

    Server role: ROLE_DOMAIN_MEMBER
    ldap ssl = start tls
    ldap ssl ads = Yes
    tls cafile = /etc/samba/tls/ca-ad.pem

However, it doesn't seem to have any effect. Samba still tries to communicate with AD using ca-openldap.crt.

What am I doing wrong here? It's Samba 4.1.7 compiled with gnutls support on Ubuntu 12.04.

--
-Alex