search for: start_tls

...rom 12.2 to 12.4 and found that my happy little eventmachine processes die with: terminate called after throwing an instance of ''std::runtime_error'' what(): call SetTlsParms before calling StartTls Here''s what I believe is the relevant snippet of my code, which calls start_tls() in the connection_completed() callback: connection = EventMachine::Protocols::HttpClient2.connect(args) class << connection def connection_completed logger.debug4 { "Connected to " + dest_host } start_tls if @args[:ssl] supe...

Dear list, More questions on my PDC travels ;-) 1. Is it ok, with roaming profiles on, to leave "logon drive = " empty, as this drive seems to be confusing users? 2. All my ldap stuff is using tls, and I just want to confirm that "ldap ssl = start_tls" is looking in /etc/ldap.conf for certificate locations etc.? 3. Is all traffic between Windows clients and the Samba server encrypted, or can this be done/how? 4. Nowhere in Samba How-To or Samba-Guide did it say that the logon.bat (logon script, whatever you wish to name it) should be perm...

Hi, I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl = start_tls. I've already patched the file pdb_ldap.c and configure.in and run autconf (as described in the Samba-LDAP-PDC howto). However, doing a rpcclient servername -U root%password -c "enumprinters" shows this in the log: [2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(...

> Message: 8 > Date: Mon, 24 Jun 2002 18:13:33 -0500 (CDT) > From: "Gerald (Jerry) Carter" <jerry@samba.org> > To: samba@samba.org > Subject: [Samba] patch for 2.2.5 and check for start_tls with OpenLDAP 2.0.x libs > > This message is in MIME format. The first part should be readable text, > while the remaining parts are likely unreadable without MIME-aware tools. > Send mail to mime@docserver.cac.washington.edu for more info. > > --8323328-1405770873-102496...

Hi everyone. Does anyone have any preferences or ideas for an interface for SSL certificates, both client-side and server-side? At present, the only interface is EventMachine::Connection#start_tls, which uses a built-in self-signed cert on the server side. On the cilent side, it accepts any well-formed cert (that is, it doesn''t check that the remote cert is signed by a trusted authority). I''m thinking of adding a very simple interface to EventMachine::Connection so you can...

...ash /etc/openldap/cacerts > > ?2. Make sure you know the difference between /etc/ldap.conf and > ? ? /etc/openldap/ldap.conf. The former is used by nss_ldap, the > ? ? latter by openldap clients. > > ?3. Does /etc/ldap.conf have all the correct TLS entries, e.g., > > ? ? ssl start_tls > ? ? tls_checkpeer yes > ? ? tls_cacertdir /etc/openldap/cacerts > > ? ? Additionally, I've had trouble using the "uri" directive > ? ? in /etc/ldap.conf, esp. with encrypted connections. The > ? ? "host" and "port" directives have worked better...

...oyner wrote: > I have 20+ freebsd 10 samba 4 servers joined to our local microsoft > active directory. At the moment things work well enough. However the > windows administrator wants to tighten his AD security by requiring tls > encrypted ldap. > > When I add: > ldap ssl = start_tls > ldap ssl ads = yes > cldap port = 389 > > the net ads commands fail: > net ads testjoin > Failed to issue the StartTLS instruction: Connect error > Failed to issue the StartTLS instruction: Connect error > Join to domain is not valid: NT code 0xfffffff5 > > Capturi...

FYI.... There is a bu in the configure script for 2.2.5 that prevents the script from locating the start_tls function in the OpenLDAP 2.0.x libs. Apply this patch and rerun autoconf. Should fix it. Patches configure.in and passdb/pdb_ldap.c Sorry for the inconvience. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard...

hi, it seems when dovecot use ldap user and password databases it's not possible to use tls connection and certificate with the ldap connection. wouldn't it be possible to use the same certificate on the ldap connection as used in the ssl_{cert,key}_file parameters in the dovecot conf (or would be possible to use it's own cert in the ldap conf file? yours. -- Levente

...sysadmin role. I have set up OpenLDAP to authenticate our linux users and exim MTAs. This all works fine with OpenLDAP only providing a ldaps:/// connection on 636. However I cannot for the life of me get samba to speak tls to it. I've seen numerous suggestions of simply putting ldap ssl = start_tls or ldap ssl = on in the smb.conf file but neither do the trick my dev platform that doesn't use tls works fine. However I get the following responses from the above two options. with start_tls I get a not supported option [root@ki-14 source]# smbpasswd ritchiem New SMB password: Retype new...

I've encountered exact same issue as in this thread below, but I cannot figure out what the solution is https://lists.samba.org/archive/samba/2015-February/189012.html In short, my Samba 4.1.22 used to be a member of the domain, with these ldap ssl settings in the config: ldap ssl = start tls ldap ssl ads = Yes I've updated it to 4.3.8, and it now cannot talk to the domain, it shows

...have 20+ freebsd 10 samba 4 servers joined to our local microsoft >> active directory. At the moment things work well enough. However the >> windows administrator wants to tighten his AD security by requiring tls >> encrypted ldap. >> >> When I add: >> ldap ssl = start_tls >> ldap ssl ads = yes >> cldap port = 389 >> >> the net ads commands fail: >> net ads testjoin >> Failed to issue the StartTLS instruction: Connect error >> Failed to issue the StartTLS instruction: Connect error >> Join to domain is not valid: NT cod...

I have 20+ freebsd 10 samba 4 servers joined to our local microsoft active directory. At the moment things work well enough. However the windows administrator wants to tighten his AD security by requiring tls encrypted ldap. When I add: ldap ssl = start_tls ldap ssl ads = yes cldap port = 389 the net ads commands fail: net ads testjoin Failed to issue the StartTLS instruction: Connect error Failed to issue the StartTLS instruction: Connect error Join to domain is not valid: NT code 0xfffffff5 Capturing packets with wireshark shows the samba machine...

...; > I've tried this with two versions of samba: 3.6.25 (same version as the > working installation on the older server) and 4.2.3, and get the same issue > with both. > > My default config is using: > passdb backend = ldapsam:"ldap://ldap-server-fqdn" > ldap ssl = start_tls > > If I disable ssl in smb.conf with: > > ldap ssl = never > > then samba does start successfully - suggesting a certificate validation > issue. > > However, all my other ldap functions work fine over ssl, including pam, > nslcd, and a plain "ldapsearch -ZZ"...

Hi, i was the one who had problems with the start_tls function. I applied the patch yesterday. But now the compiling doesn't work anymore. This is what happens : --------snipp---------- [Lots of compiling output cut away] Linking bin/smbd passdb/pdb_ldap.o: In function `pdb_setsampwent': passdb/pdb_ldap.o(.text+0x1730): multiple definitio...

...nstruction: Connect error". I've tried this with two versions of samba: 3.6.25 (same version as the working installation on the older server) and 4.2.3, and get the same issue with both. My default config is using: passdb backend = ldapsam:"ldap://ldap-server-fqdn" ldap ssl = start_tls If I disable ssl in smb.conf with: ldap ssl = never then samba does start successfully - suggesting a certificate validation issue. However, all my other ldap functions work fine over ssl, including pam, nslcd, and a plain "ldapsearch -ZZ". Also curious is that if I disable certifi...

...uot;lauterbur.uoregon.edu" slavePort="389" # Master LDAP : needed for write operations # Ex: masterLDAP=127.0.0.1 ##masterLDAP="hahn.uoregon.edu" masterLDAP="lauterbur.uoregon.edu" masterPort="389" # Use TLS for LDAP # If set to 1, this option will use start_tls for connection # (you should also used the port 389) ldapTLS="1" # How to verify the server's certificate (none, optional or require) # see "man Net::LDAP" in start_tls section for more details verify="require" # CA certificate # see "man Net::LDAP" in...

On 1/5/2016 7:19 PM, Lee Brown wrote: > > A total guess would be to use either ldaps:// and don't bother with > start_tls, or add the :636 to the end of the ldap:// specification as it > seems to me that start_tls is pretty agnostic regarding whatever > protocol it works against (SMTP, LDAP, etc.). ie > > passdb backend = ldapsam:"ldaps://ldap-server-fqdn" > #ldap ssl = start_tls > > OR...

Hi. I am trying to get Samba 3.0.4, from tarball, working with Fedora Core 1. The problem is that I can't get LDAP authentication with either ssl or start_tls support. I tried compiling ldap on a plain install of fedora. I also tried compiling it after installing openssl-0.9.7d and openldap 2.2.11 clients and libraries from tarball. My ldap configuration of samba is as follows: idmap backend = ldapsam_compat:ldap://ldap.domain.tld...

...d from this intentionally. # Ex: slaveLDAP=127.0.0.1 slaveLDAP="127.0.0.1" slavePort="389" # Master LDAP : needed for write operations # Ex: masterLDAP=127.0.0.1 masterLDAP="127.0.0.1" masterPort="389" # Use TLS for LDAP # If set to 1, this option will use start_tls for connection # (you should also used the port 389) ldapTLS="0" # How to verify the server's certificate (none, optional or require) # see "man Net::LDAP" in start_tls section for more details verify="require" # CA certificate # see "man Net::LDAP" in...