search for: ca_cert

...mgmt=WPA-EAP eap=PEAP identity="peter" #anonymous_identity="anonymous" password="asecurepassword" phase2="autheap=MSCHAPV2" # # Uncomment the following to perform server certificate validation. ca_cert="/usr/local/freeradius/etc/raddb/certs/ca.der" } ==================== The result is failed. Is there anything I did wrongly? Kinglok, Fong

...heir windows machine: "Configuration information could not be read from the domain controller, either machine is unavailable or access is denied" Our Samba PDC has LDAP backend. We have the following /etc/ldap/ldap.conf BASE dc=testdomain URI ldap://192.168.1.1 TLS_CACERT /etc/ldap/ca_certs.pem TLS_REQCERT allow access to attribute=userPassword by: access to attrs=userPassword,sambaNTPassword,sambaLMPassword smb.conf for the smldap-tools bit is here add user script = /usr/sbin/smbldap-useradd -m '%u' passwd program = /usr/sbin/smbldap-passwd -u "%u"...

Today I've been trying to get dovecot (1.0 rc2) to use certificates for client side authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType,

...abort: <function worker_abort at 0x2847500> loglevel: debug bind: [':8080'] raw_env: [] initgroups: False capture_output: False reload: False limit_request_field_size: 8190 nworkers_changed: <function nworkers_changed at 0x2847cf8> timeout: 30 keyfile: None ca_certs: None tmp_upload_dir: None backlog: 2048 logger_class: gunicorn.glogging.Logger [2017-11-07 10:29:04 +0000] [30982] [INFO] Starting gunicorn 19.7.1 [2017-11-07 10:29:04 +0000] [30982] [DEBUG] Arbiter booted [2017-11-07 10:29:04 +0000] [30982] [INFO] Listening at: http://0.0.0.0:8080 (30982)...

...adable" % f - - ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only + #ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only + ctx = SSL.Context(SSL.TLSv1_METHOD) # TLSv1 only ctx.use_certificate_file(key_and_cert) ctx.use_privatekey_file(key_and_cert) ctx.load_client_ca(ca_cert) @@ -45,7 +46,8 @@ verify = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT ctx.set_verify(verify, our_verify) ctx.set_verify_depth(10) - - ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1) + #ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1) + ctx.set_options(SSL.OP_NO_...

...calhost:389 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying ::1 389 ldap_pvt_connect: fd: 4 tm: -1 async: 0 attempting to connect: connect success ldap_open_defconn: successful Following is /etc/ldap/ldap.conf BASE dc=mytest URI ldap://mypdc.mytest TLS_CACERT /etc/ldap/ca_certs.pem TLS_REQCERT allow Smb.conf #LDAP passdb backend = ldapsam:ldap://mypdc.mytest ldap admin dn = cn=admin,dc=mytest ldap suffix = dc=mytest ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap user suffix = ou=users idmap backend = ldap ldap idmap suffix = ou=i...

Hello, I'm stuck with receiving an encrypted email from IMAP server. My getmail configuration is (getmail --dump): getmail configuration: ? getmail version 5.6 ? Python version 2.7.15 (default, Jun 27 2018, 13:05:28) [GCC 8.1.1 20180531] ? retriever:? SimpleIMAPSSLRetriever(ca_certs="None", certfile="None", getmaildir="/home/peter/.getmail/", keyfile="None", mailboxes="('ALL',)", move_on_delete="None", password="*", password_command="()", port="993", record_mailbox="True&...

...adable" % f - - ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only + #ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only + ctx = SSL.Context(SSL.TLSv1_METHOD) # TLSv1 only ctx.use_certificate_file(key_and_cert) ctx.use_privatekey_file(key_and_cert) ctx.load_client_ca(ca_cert) @@ -45,7 +46,8 @@ verify = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT ctx.set_verify(verify, our_verify) ctx.set_verify_depth(10) - - ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1) + #ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1) + ctx.set_options(SSL.OP_NO_...

...domain names are real ones. > > I ran the commands you suggested, nothing in reply. I tried ldapi:// > and ldap://sam3dc.mydomain . > > Let me run through what I did , > /etc/ldap/ldap.conf: > BASE dc=mydomain > URI ldap://sam3dc.mydomain > TLS_CACERT /etc/ldap/ca_certs.pem > > Imported the samba.ldif from the 3.6.25 binaries. > > Imported the indices > > dn: olcDatabase={1}hdb,cn=config > changetype: modify > add: olcDbIndex > olcDbIndex: ou eq > olcDbIndex: mail eq > olcDbIndex: surname eq > olcDbIndex: givenname eq > o...

...th as I read it breaks the domain trust. The domain names are real ones. I ran the commands you suggested, nothing in reply. I tried ldapi:// and ldap://sam3dc.mydomain . Let me run through what I did , /etc/ldap/ldap.conf: BASE dc=mydomain URI ldap://sam3dc.mydomain TLS_CACERT /etc/ldap/ca_certs.pem Imported the samba.ldif from the 3.6.25 binaries. Imported the indices dn: olcDatabase={1}hdb,cn=config changetype: modify add: olcDbIndex olcDbIndex: ou eq olcDbIndex: mail eq olcDbIndex: surname eq olcDbIndex: givenname eq olcDbIndex: loginShell eq olcDbIndex: uniqueMember eq,pres olcDbIn...

Hello, cannot fetch mails from an IMAP folder because of the error in the subject - fetching always stops with SIGABRT. Could anybody help me, please? Kind regards Peter

...? From: Mark H. Wood? Subject: Re: JVM keystores and CA It has one attachment. Data found by browser interface. Kind regards Peter getmail configuration: ? getmail version 5.6 ? Python version 2.7.15 (default, Jun 27 2018, 13:05:28) [GCC 8.1.1 20180531] ? retriever:? SimpleIMAPSSLRetriever(ca_certs="None", certfile="None", getmaildir="/home/peter/.getmail/", keyfile="None", mailboxes="('ALL',)", move_on_delete="None", password="*", password_command="()", port="993", record_mailbox="True&...

...-b dc=afrika,dc=xx -s sub "sambasid=$SID-500" dn Enter LDAP Password: dn: uid=Administrator,ou=people,ou=accounts,dc=afrika,dc=xx > > Let me run through what I did , > /etc/ldap/ldap.conf: > BASE dc=mydomain > URI ldap://sam3dc.mydomain > TLS_CACERT /etc/ldap/ca_certs.pem > > Imported the samba.ldif from the 3.6.25 binaries. > > Imported the indices > > dn: olcDatabase={1}hdb,cn=config > changetype: modify > add: olcDbIndex > olcDbIndex: ou eq > olcDbIndex: mail eq > olcDbIndex: surname eq > olcDbIndex: givenname eq > o...

...p://server01.suntech idmap config *: ldap_base_dn = ou=idmap,dc=suntech idmap config *: ldap_user_dn = cn=admin,dc=suntech ldap delete dn = yes ldap password sync = yes ldap ssl = start tls Here is the PDC, ldap.conf BASE dc=suntech URI ldap://server01.suntech TLS_CACERT /etc/ldap/ca_certs.pem #TLS_REQCERT demand When running the ldapsearch from within the PDC we get the following ldapwhoami -H ldap://server01.suntech -x -ZZ anonymous When running the full ldapsearch from within the PDC we get the following ldapsearch -x -ZZ -h server01.suntech -b dc=suntech -s sub -D cn=admin,dc...

...: > > dn: uid=Administrator,ou=people,ou=accounts,dc=afrika,dc=xx > > > > > > > > > > Let me run through what I did , > > > /etc/ldap/ldap.conf: > > > BASE dc=mydomain > > > URI ldap://sam3dc.mydomain > > > TLS_CACERT /etc/ldap/ca_certs.pem > > > > > > Imported the samba.ldif from the 3.6.25 binaries. > > > > > > Imported the indices > > > > > > dn: olcDatabase={1}hdb,cn=config > > > changetype: modify > > > add: olcDbIndex > > > olcDbIndex: ou eq &g...

I had our production systems running on rc23, however we ran into problems when the server was under heavy load. Eventually, the server would begin to freeze all imap connection after authentication (according to the logs). A user would connect, authentication would succeed, and then the connection would sit until timing out. No error logs were produced. Upgrading to rc24 did not

Hi Harry, When I install slapd , I didn't get the option to use MDB, so used hdb I went through your suggestions and cleaned up the smb.conf. Also added the unixidpool ldif dn: sambaDomainName=mydomain,dc=mydomain sambaDomainName: mydomain sambaSID: S-1-5-21-3936576374-1604348213-1812434911 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain objectClass: sambaUnixIdPool