Displaying 20 results from an estimated 22 matches for "tls_cacertfil".
Did you mean:
tls_cacertfile
2004 May 27
3
Samba Ldap tls/ssl problem
...SL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
As yo can see my ldap.conf contain both ssl start_tls and tls_cacertfile
/usr/local/etc/openldap/server.pem.
I created a CA certificate called server.pem on the ldap server with FQDN as
?Common Name?. I simply copied it to the Samba server.
Both my ldap.conf looks like this:
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt
Exp $
#
# LDA...
2010 Jul 20
1
nss_pam against centos-ds fails for non-root users
...tead /var/log/dirsrv/slapd-ldap/access the following lines appear:
[20/Jul/2010:21:48:38 +0200] conn=14 fd=65 slot=65 SSL connection from
192.168.1.2 to 192.168.1.2.
[20/Jul/2010:21:48:38 +0200] conn=14 op=-1 fd=65 closed - Encountered
end of file.
The only entries in my /etc/ldap.conf are those:
tls_cacertfile /etc/nss/ca.example.org-cert.pem
tls_cert /etc/nss/nss-cert.pem
tls_key /etc/nss/nss-key.pem
The nss-{key,cert}.pem may be used to bind at the following DN:
dn: cn=nss,ou=Special Users,dc=example,dc=org
objectClass: top
objectClass: person
cn: nss
sn: nss
Again: It works for user root!
$ ls -l...
2005 Apr 21
0
Problem with groups & joining domain.- LDAP
...ically 636
ssl start_tls
# ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
tls_checkpeer no
TLS_REQCERT allow
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
# tls_cacertfile /etc/ssl/ca.cert
# tls_cacertdir /etc/ssl/certs
# tls_cacertdir /usr/local/certs/demoCA
# tls_cacertfile /usr/local/certs/servercert.pem
# tls_cacertfile /usr/local/certs/cacert.pem
tls_cacert /usr/local/certs/cacert.pem
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-...
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
...c=com?one
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl no
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
#tls_checkpeer yes
# CA certificates for server certificate verification
tls_cacertfile /etc/openldap/cacerts/cacert.pem
tls_cacertdir /etc/openldap/cacerts
# Client certificate and key
tls_cert /etc/openldap/cacerts/servercert.pem
tls_key /etc/openldap/cacerts/serverkey.pem
Relevant parts of /etc/pam.d/system-auth:
auth required pam_env.so
a...
2013 Feb 15
1
Problem with User and Group Ownership listing
...c=com?one
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl no
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
#tls_checkpeer yes
# CA certificates for server certificate verification
tls_cacertfile /etc/openldap/cacerts/cacert.pem
tls_cacertdir /etc/openldap/cacerts
# Client certificate and key
tls_cert /etc/openldap/cacerts/servercert.pem
tls_key /etc/openldap/cacerts/serverkey.pem
Relevant parts of /etc/pam.d/system-auth:
auth required pam_env.so
a...
2018 Jun 08
2
samba4+squid3+ntlm
Hello:
I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well.
smb.conf
workgroup = MYDOMINIO
security = ads
netbios name = srv-proxy
server string = Servidor Proxy de
2017 Jul 11
2
LDAP authentication not working
...ldap
protocols: db files ldap
services: db files ldap
ethers: db files ldap
rpc: db files ldap
netgroup: nis ldap
aliases: ldap
*/etc/nslcd.conf*
uid nslcd
gid nslcd
uri ldap://127.0.0.1/
base dc=example,dc=com
pagesize 1000
referrals off
ldap_version 3
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
I tried
The samba service is running but with a warning:
● samba-ad-dc.service - Samba AD Daemon
Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
preset: enabled)
Active: active (running) since Mon 2017-07-10 12:12:06 CEST; 3h 11...
2006 Jul 18
1
Weird statup probems TLS & SSL openldap and samba 3.0.23
...CertificateFile /etc/openldap/server.crt
TLSCertificateKeyFile /etc/openldap/server.key
TLSVerifyClient demand
/etc/ldap.conf
***********
uri ldap://yyyy.com
host yyyy.com
port 389
ssl start_tls
tls_reqcert demand
tls_checkpeer yes
tls_cert /etc/openldap/server.crt
tls_key /etc/openldap/server.key
tls_cacertfile /etc/openldap/ca.crt
base dc=xxxx,dc=xxxx,dc=com
binddn cn=Manager,dc=xxxx,dc=xxxx,dc=com
bindpw TTTTT
nss_base_passwd ou=Users,dc=xxxx,dc=xxxx,dc=com?one
nss_base_passwd ou=Computers,dc=xxxx,dc=xxxx,dc=com?one
nss_base_shadow ou=Users,dc=xxxx,dc=xxxx,dc=com?one
nss_base_group ou=Groups,d...
2004 Feb 10
2
Self Signed SSL Certificate from ldap server
How do i get samba to accept a self signed certificate from my ldap server?
I have a self signed CA that created a certifcate for my ldap server.
I've added the CA to the openssl frame work. <ssl-base>certs/ca.pem and
<ssl-base>certs/<ca hash>.0.pem
Yet I still get errors from samba 3.0.2
Is it not possible? If I add in SSLeay libraries will that sort it? I
beleived that
2005 May 05
2
Fwd: Follow Up - Problem with groups & joining domain.- LDAP
...ically 636
ssl start_tls
# ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
tls_checkpeer no
TLS_REQCERT allow
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
# tls_cacertfile /etc/ssl/ca.cert
# tls_cacertdir /etc/ssl/certs
# tls_cacertdir /usr/local/certs/demoCA
# tls_cacertfile /usr/local/certs/servercert.pem
# tls_cacertfile /usr/local/certs/cacert.pem
tls_cacert /usr/local/certs/cacert.pem
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-...
2006 Oct 24
1
samba pdc with ldap backend setup problems
...ved>
rootbinddn cn=Manager,dc=som,dc=com
bind_timelimit 30
idle_timelimit 3600
pam_password exop
nss_base_passwd ou=People,dc=som,dc=com?one
nss_base_shadow ou=People,dc=som,dc=com?one
nss_base_group ou=Group,dc=som,dc=com?one
nss_initgroups_ignoreusers root,ldap
ssl off
tls_cacertfile /etc/pki/tls/certs/hypothalamus.cer
=====
#my nsswitch.conf file
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns wins
networks: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
s...
2011 Oct 26
1
Weird issue with samba 3.4.7
Hello All,
I have samba version 3.3.2 installed on a system running Ubuntu Server 9.04 (32-bit). The users trying to mount the samba shares authenticate over the LDAP server.
Here is how my configuration files look like,
1. /etc/samba/smb.conf
[global]
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program
2010 Jun 10
1
operation on the client is slow when openldap servers are down
...it 1
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldaps://auth1.xa.xxxx.com:636 ldaps://auth2.xa.xxxx.com:636
ssl on
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/cacert.pem
pam_password md5
bind_policy soft
[root at xxxx ~]# cat /etc/openldap/ldap.conf
URI ldaps://auth1.xa.xxxx.com:636 ldaps://auth2.xa.xxxx.com:636
BASE dc=xxxx,dc=c...
2008 Aug 27
3
Solaris nss_ldap vs PADL nss_ldap
Hi All,
Any thoughts on why, while everything seems ok at the OS level
(getent , id -a ) Samba
doesn't pickup any supplementary groups when Solaris is configured with
'group: files ldap' in
nsswitch.conf and using it's own native nss_ldap.so.1 but does when
using PADL's nss_ldap?
Everything else is equal.
Do they use/accept different calls or could it be an
2006 Nov 06
1
Samba with AD
...AP port, LDAPS typically 636
ssl start_tls
#ssl on
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
Any Tips what I am missing out on ????? I am trying to get authenticat...
2016 Dec 19
5
Problem with keytab: "Client not found in Kerberos database"
I am trying to use a keytab for a client machine to authenticate to
Samba's own LDAP server.
The samba servers (replicated) are ubuntu 16.04 with samba 4.5.2
compiled from source.
The client machine is ubuntu 16.04 with stock samba 4.3.11. It has been
joined directly to the Samba domain ("net ads join"). I have also
extracted a keytab ("net ads keytab create -P")
2005 May 17
1
smbldap-tools broken pipe
...9;ve got login authentication working, my /etc/ldap.conf:
## LDAP configuration file for pam_ldap module.
##host 128.223.78.85
##host 128.223.78.80
host lauterbur.uoregon.edu
base dc=lcni,dc=uoregon,dc=edu
scope sub
timelimit 30
pam_login_attribute uid
pam_filter_class posixAccount
ssl start_tls
tls_cacertfile /usr/local/etc/cacert.pem
tls_ciphers HIGH
pam_filter &(objectClass=posixAccount)(description=lauterbur)
##nss_base_passwd ou=people,dc=lcni,dc=uoregon,dc=edu
nss_base_passwd ou=People,dc=lcni,dc=uoregon,dc=edu
nss_base_passwd ou=Computers,dc=lcni,dc=uoregon,dc=edu
##nss_base_shadow ou=peopl...
2010 Nov 21
0
LDAP clients fail to connect with SSL enabled
...c/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes
# CA certificates for server certificate verification
# At least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# SASL mechanism for PAM authentication - use is experimental
# at present a...
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
...elimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# NDS mappings
#map group...
2008 Aug 26
4
Samba write performance in kernel
hi,
I would like to know is it possible to make writing file to samba completely in kernel?
I'm using a slow CPU (FA526) , and the memory copy is even slower. The reading performance is over 7 MB/s, with mmap and sendfile enabled, while writing is only 4-5 MB/s. Without mmap and sendfile, reading from samba is also about 4-5 MB/s. I use Oprofile to profile writing file to samba and found