search for: crlfile

Hi, I have a smartcard which is revoked in the Certificate Revocation List (CRL) but I can still login. Seams like the CRL check is not performed. Any known bug around this? Server setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (default is to look under private/ folder) Client setup: - Windows 7 machine as client - Joined to the MYDOM domain - Login ok with both username/password and smartcards Smart card: - Principal name test123 at mydom.com (extended attribute) - Certificate with serial number 0x12ab...

...r.ubuntu.com --recv-keys E084DAB9 I am receiving the following error message though after updating the Synaptic package manager: Failed to fetch https://cran.revolutionanalytics.com/bin/linux/ubuntu/trusty/Packages server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none Any assistance that you can provide will be helpful. Thank you. Irucka Embry <span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<...

...ed on the 9th of January. It's giving an error via the browser and via the apt command in Debian: W: Failed to fetch https://repo.dovecot.org/ce-2.3-latest/debian/jessie/dists/jessie/main/binary-amd64/Packages? server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none Cheers! Filipe Carvalho -- UP Digital Filipe Carvalho Infraestruturas Tecnol?gicas / IT infrastructures filipec at uporto.pt <mailto:filipec at uporto.pt> -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/at...

...inbind use default domain = yes logging = syslog at 1 /var/log/samba/log.%m I've tested it with the following command and got the following error... root at server:/var/lib/samba/private/tls# ldbsearch -H ldaps://127.0.0.1 '(cn=admin)' objectClass -Uadmin TLS failed to missing crlfile - with 'tls verify peer = as_strict_as_possible' Failed to connect to ldap URL 'ldaps://127.0.0.1' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX Failed to connect to 'ldaps://127.0.0.1' with backend 'ldaps': LDAP client internal error: NT_STATUS_INVA...

...n error via the browser and via the apt command in Debian: >> >> W: Failed to fetch >> https://repo.dovecot.org/ce-2.3-latest/debian/jessie/dists/jessie/main/binary-amd64/Packages? >> server certificate verification failed. CAfile: >> /etc/ssl/certs/ca-certificates.crt CRLfile: none >> >> Cheers! >> >> Filipe Carvalho >> >> -- >> >> UP Digital >> Filipe Carvalho >> >> Infraestruturas Tecnol?gicas / IT infrastructures >> >> filipec at uporto.pt <mailto:filipec at uporto.pt> >> >...

...) but I can still login. Seams like the CRL check is not performed. > Any > > known bug around this? > > > > Server setup: > > - Samba 4.4 on Debian as AD DC > > - Created domain MYDOM > > - smb.conf (extract): > > tls enabled = yes > > tls crlfile = tls/mycrl.pem (default is to look under private/ > folder) > > > CRL: > > - In file system: > > ..../private/tls/mycrl.pem > > > mycrl.pem > > - Contains serial number 0x12ab > > The Heimdal code doing the SmartCard stuff doens't know about the &gt...

...full_audit:priority = notice doing parameter tls enabled = yes doing parameter tls certfile = /var/lib/samba/private/tls/dc-cert.pem doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem doing parameter ntlm auth = yes doing parameter winbind max clients = 10000 doing parameter min protocol = SMB2 pm_process() returned Yes added interface eth1 ip=fd2d:bba0:d...

...= 9 # log level = 1 auth_audit:3 auth_json_audit:3 tls enabled = yes tls certfile = /var/lib/samba/private/tls/dc0-cert.pem tls keyfile = /var/lib/samba/private/tls/secure/dc0-privkey.pem tls cafile = /var/lib/samba/private/tls/cacert.pem tls cafile = /var/lib/samba/private/tls/interca.pem tls crlfile = /var/lib/samba/private/tls/rootca.crl tls crlfile = /var/lib/samba/private/tls/interca.crl tls dhparams file = /var/lib/samba/private/tls/dc0-dhparams.pem [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/test.example.de/scripts read only = No | Is...

...: None Start Time: 1497693590 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) ... [global] ... ldap ssl = start tls ldap ssl ads = No tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = tls/key.pem tls priority = NORMAL:-VERS-SSL3.0 tls verify peer = ca_and_name Version: samba 4.6.5 Best regards, Supporter 3eb

Hello! Taking advantage of the email, I tried to make an ldap query with tls and I had an error .. Version Samba 4.4.4 samba-tool testparm -v --suppress-prompt|grep tls ldap ssl = start tls tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = tls/key.pem tls priority = NORMAL:-VERS-SSL3.0 tls verify peer = as_strict_as_possible ldapsearch -U USER -h ldaps://localhost -p636 -w PASS -b dc=internal,dc=test,dc=com,dc=br -s sub '(objec...

...t; It's giving an error via the browser and via the apt command in Debian: > > W: Failed to fetch > https://repo.dovecot.org/ce-2.3-latest/debian/jessie/dists/jessie/main/binary-amd64/Packages? > server certificate verification failed. CAfile: > /etc/ssl/certs/ca-certificates.crt CRLfile: none > > Cheers! > > Filipe Carvalho > > -- > > UP Digital > Filipe Carvalho > > Infraestruturas Tecnol?gicas / IT infrastructures > > filipec at uporto.pt <mailto:filipec at uporto.pt> > Amazing this certbot thing... [Unit] Description=Certbot Do...

...ser and via the apt command in Debian: >>> >>> W: Failed to fetch >>> https://repo.dovecot.org/ce-2.3-latest/debian/jessie/dists/jessie/main/binary-amd64/Packages? >>> server certificate verification failed. CAfile: >>> /etc/ssl/certs/ca-certificates.crt CRLfile: none >>> >>> Cheers! >>> >>> Filipe Carvalho >>> >>> -- >>> >>> UP Digital >>> Filipe Carvalho >>> >>> Infraestruturas Tecnol?gicas / IT infrastructures >>> >>> filipec at uporto.p...

...Yes # Allow Opportunistic locks kernel oplocks = yes # Allow SMB2 Leases smb2 leases = yes # Add and Update TLS Key tls enabled = yes tls keyfile = tls/sambaKey.pem tls certfile = tls/sambaCert.pem tls cafile = #tls crlfile = #tls dh parms file = [netlogon] path = /usr/local/samba/var/locks/sysvol/cimg.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No -- -James

...re #Disable CUPS Printing load printers = No printcap name = /dev/null disable spoolss = Yes # Add and Update TLS Key tls enabled = yes tls keyfile = tls/sambaKey.pem tls certfile = tls/sambaCert.pem tls cafile = #tls crlfile = #tls dh parms file = include = /usr/local/samba/etc/smb.conf.client-%I [netlogon] path = /usr/local/samba/var/locks/sysvol/samba.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No -- -James

I'm using a Samba4 ADDC and just noticed that the SSL that was created at install time is about to expire. Is there something Samba specific to create a new certificate, or should I manually create a new one using openssl? Thanks!

...puter ? > > > > > tls enabled = yes > > tls certfile = /var/lib/samba/private/tls/dc-cert.pem > > tls keyfile = > /var/lib/samba/private/tls/secure/dc-privkey.pem > > tls cafile = /var/lib/samba/private/tls/cacert.pem > > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl > > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem > > > > You could try recreating the cert files. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read th...

...; > > performed. > > Any > > > known bug around this? > > > > > > Server setup: > > > - Samba 4.4 on Debian as AD DC > > > - Created domain MYDOM > > > - smb.conf (extract): > > > tls enabled = yes > > > tls crlfile = tls/mycrl.pem (default is to look under private/ > > folder) > > > > > CRL: > > > - In file system: > > > ..../private/tls/mycrl.pem > > > > mycrl.pem > > > - Contains serial number 0x12ab > > > > The Heimdal code doing the S...

...omedir = /home/%U > template shell = /bin/bash > dns forwarder = 172.16.1.254 > tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem > tls certfile = /var/lib/samba/private/tls/dc-cert.pem > tls cafile = /var/lib/samba/private/tls/cacert.pem > tls crlfile = /var/lib/samba/private/tls/authserver.crl > tls dh params file = /var/lib/samba/private/tls/dcdhparams.pem > rpc_server:tcpip = no > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedd...

...allow dns updates = nonsecure server services = -dns log level = 3 host msdfs = yes tls enabled = yes tls keyfile = /usr/local/samba/private/tls/sambaKey.pem tls certfile = /usr/local/samba/private/tls/sambaCert.pem tls cafile = #tls crlfile = #tls dh params file = # Auditsettings full_audit:prefix = %u|%I|%S full_audit:failure = connect full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir f...

...; > > > known bug around this? > > > > > > > > Server setup: > > > > - Samba 4.4 on Debian as AD DC > > > > - Created domain MYDOM > > > > - smb.conf (extract): > > > > tls enabled = yes > > > > tls crlfile = tls/mycrl.pem (default is to look under private/ > > > folder) > > > > > > > CRL: > > > > - In file system: > > > > ..../private/tls/mycrl.pem > > > > > mycrl.pem > > > > - Contains serial number 0x12ab > > &gt...