search for: tls_cacertfile

Displaying 20 results from an estimated 22 matches for "tls_cacertfile".

2004 May 27
3
Samba Ldap tls/ssl problem
...SL_connect:error in SSLv3 read server certificate B TLS: can't connect. ldap_perror ldap_bind: Can't contact LDAP server (81) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed As you can see my ldap.conf contains both ssl start_tls and tls_cacertfile /usr/local/etc/openldap/server.pem. I created a CA certificate called server.pem on the ldap server with FQDN as "Common Name". I simply copied it to the Samba server. Both my ldap.conf looks like this: # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP...
2010 Jul 20
1
nss_pam against centos-ds fails for non-root users
...tead /var/log/dirsrv/slapd-ldap/access the following lines appear: [20/Jul/2010:21:48:38 +0200] conn=14 fd=65 slot=65 SSL connection from 192.168.1.2 to 192.168.1.2. [20/Jul/2010:21:48:38 +0200] conn=14 op=-1 fd=65 closed - Encountered end of file. The only entries in my /etc/ldap.conf are those: tls_cacertfile /etc/nss/ca.example.org-cert.pem tls_cert /etc/nss/nss-cert.pem tls_key /etc/nss/nss-key.pem The nss-{key,cert}.pem may be used to bind at the following DN: dn: cn=nss,ou=Special Users,dc=example,dc=org objectClass: top objectClass: person cn: nss sn: nss Again: It works for user root! $ ls -l /...
2005 Apr 21
0
Problem with groups & joining domain.- LDAP
...ically 636 ssl start_tls # ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert.pem # tls_cacertfile /usr/local/certs/cacert.pem tls_cacert /usr/local/certs/cacert.pem # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-p...
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
...c=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: auth required pam_env.so au...
2013 Feb 15
1
Problem with User and Group Ownership listing
...c=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: auth required pam_env.so au...
2018 Jun 08
2
samba4+squid3+ntlm
Hello: I have a squid3 with ntlm authentication integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de
2017 Jul 11
2
LDAP authentication not working
...ldap protocols: db files ldap services: db files ldap ethers: db files ldap rpc: db files ldap netgroup: nis ldap aliases: ldap */etc/nslcd.conf* uid nslcd gid nslcd uri ldap://127.0.0.1/ base dc=example,dc=com pagesize 1000 referrals off ldap_version 3 tls_cacertfile /etc/ssl/certs/ca-certificates.crt I tried The samba service is running but with a warning: ● samba-ad-dc.service - Samba AD Daemon Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2017-07-10 12:12:06 CEST; 3h 11m...
2006 Jul 18
1
Weird startup problems TLS & SSL openldap and samba 3.0.23
...CertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *********** uri ldap://yyyy.com host yyyy.com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=xxxx,dc=xxxx,dc=com binddn cn=Manager,dc=xxxx,dc=xxxx,dc=com bindpw TTTTT nss_base_passwd ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_passwd ou=Computers,dc=xxxx,dc=xxxx,dc=com?one nss_base_shadow ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_group ou=Groups,dc...
2004 Feb 10
2
Self Signed SSL Certificate from ldap server
How do I get samba to accept a self signed certificate from my ldap server? I have a self signed CA that created a certificate for my ldap server. I've added the CA to the openssl framework. <ssl-base>certs/ca.pem and <ssl-base>certs/<ca hash>.0.pem Yet I still get errors from samba 3.0.2 Is it not possible? If I add in SSLeay libraries will that sort it? I believed that
2005 May 05
2
Fwd: Follow Up - Problem with groups & joining domain.- LDAP
...ically 636 ssl start_tls # ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert.pem # tls_cacertfile /usr/local/certs/cacert.pem tls_cacert /usr/local/certs/cacert.pem # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-p...
2006 Oct 24
1
samba pdc with ldap backend setup problems
...ved> rootbinddn cn=Manager,dc=som,dc=com bind_timelimit 30 idle_timelimit 3600 pam_password exop nss_base_passwd ou=People,dc=som,dc=com?one nss_base_shadow ou=People,dc=som,dc=com?one nss_base_group ou=Group,dc=som,dc=com?one nss_initgroups_ignoreusers root,ldap ssl off tls_cacertfile /etc/pki/tls/certs/hypothalamus.cer ===== #my nsswitch.conf file passwd: files ldap shadow: files ldap group: files ldap hosts: files dns wins networks: files dns bootparams: files ethers: files netmasks: files networks: files protocols: files rpc: files se...
2011 Oct 26
1
Weird issue with samba 3.4.7
Hello All, I have samba version 3.3.2 installed on a system running Ubuntu Server 9.04 (32-bit). The users trying to mount the samba shares authenticate over the LDAP server. Here is how my configuration files look like, 1. /etc/samba/smb.conf [global] server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program
2010 Jun 10
1
operation on the client is slow when openldap servers are down
...it 1 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm uri ldaps://auth1.xa.xxxx.com:636 ldaps://auth2.xa.xxxx.com:636 ssl on tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts tls_cacertfile /etc/openldap/cacerts/cacert.pem pam_password md5 bind_policy soft [root at xxxx ~]# cat /etc/openldap/ldap.conf URI ldaps://auth1.xa.xxxx.com:636 ldaps://auth2.xa.xxxx.com:636 BASE dc=xxxx,dc=co...
2008 Aug 27
3
Solaris nss_ldap vs PADL nss_ldap
Hi All, Any thoughts on why, while everything seems ok at the OS level (getent, id -a) Samba doesn't pick up any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using its own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Do they use/accept different calls or could it be an
2006 Nov 06
1
Samba with AD
...AP port, LDAPS typically 636 ssl start_tls #ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key Any Tips what I am missing out on ????? I am trying to get authenticati...
2016 Dec 19
5
Problem with keytab: "Client not found in Kerberos database"
I am trying to use a keytab for a client machine to authenticate to Samba's own LDAP server. The samba servers (replicated) are ubuntu 16.04 with samba 4.5.2 compiled from source. The client machine is ubuntu 16.04 with stock samba 4.3.11. It has been joined directly to the Samba domain ("net ads join"). I have also extracted a keytab ("net ads keytab create -P")
2005 May 17
1
smbldap-tools broken pipe
...'ve got login authentication working, my /etc/ldap.conf: ## LDAP configuration file for pam_ldap module. ##host 128.223.78.85 ##host 128.223.78.80 host lauterbur.uoregon.edu base dc=lcni,dc=uoregon,dc=edu scope sub timelimit 30 pam_login_attribute uid pam_filter_class posixAccount ssl start_tls tls_cacertfile /usr/local/etc/cacert.pem tls_ciphers HIGH pam_filter &(objectClass=posixAccount)(description=lauterbur) ##nss_base_passwd ou=people,dc=lcni,dc=uoregon,dc=edu nss_base_passwd ou=People,dc=lcni,dc=uoregon,dc=edu nss_base_passwd ou=Computers,dc=lcni,dc=uoregon,dc=edu ##nss_base_shadow ou=people...
2010 Nov 21
0
LDAP clients fail to connect with SSL enabled
...c/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # SASL mechanism for PAM authentication - use is experimental # at present an...
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
...elimit. nslcd will close connections if the # server has not been contacted for the number of seconds. #idle_timelimit 3600 # Use StartTLS without verifying the server certificate. #ssl start_tls #tls_reqcert never # CA certificates for server certificate verification #tls_cacertdir /etc/ssl/certs #tls_cacertfile /etc/ssl/ca.cert # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-pool # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # NDS mappings #map group u...
2008 Aug 26
4
Samba write performance in kernel
hi, I would like to know is it possible to make writing file to samba completely in kernel? I'm using a slow CPU (FA526) , and the memory copy is even slower. The reading performance is over 7 MB/s, with mmap and sendfile enabled, while writing is only 4-5 MB/s. Without mmap and sendfile, reading from samba is also about 4-5 MB/s. I use Oprofile to profile writing file to samba and found