search for: tls_cacertfile

...SL_connect:error in SSLv3 read server certificate B TLS: can't connect. ldap_perror ldap_bind: Can't contact LDAP server (81) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed As yo can see my ldap.conf contain both ssl start_tls and tls_cacertfile /usr/local/etc/openldap/server.pem. I created a CA certificate called server.pem on the ldap server with FQDN as ?Common Name?. I simply copied it to the Samba server. Both my ldap.conf looks like this: # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP...

...tead /var/log/dirsrv/slapd-ldap/access the following lines appear: [20/Jul/2010:21:48:38 +0200] conn=14 fd=65 slot=65 SSL connection from 192.168.1.2 to 192.168.1.2. [20/Jul/2010:21:48:38 +0200] conn=14 op=-1 fd=65 closed - Encountered end of file. The only entries in my /etc/ldap.conf are those: tls_cacertfile /etc/nss/ca.example.org-cert.pem tls_cert /etc/nss/nss-cert.pem tls_key /etc/nss/nss-key.pem The nss-{key,cert}.pem may be used to bind at the following DN: dn: cn=nss,ou=Special Users,dc=example,dc=org objectClass: top objectClass: person cn: nss sn: nss Again: It works for user root! $ ls -l /...

...ically 636 ssl start_tls # ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert.pem # tls_cacertfile /usr/local/certs/cacert.pem tls_cacert /usr/local/certs/cacert.pem # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-p...

...c=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: auth required pam_env.so au...

...c=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relevant parts of /etc/pam.d/system-auth: auth required pam_env.so au...

Hello: I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de

...ldap protocols: db files ldap services: db files ldap ethers: db files ldap rpc: db files ldap netgroup: nis ldap aliases: ldap */etc/nslcd.conf* uid nslcd gid nslcd uri ldap://127.0.0.1/ base dc=example,dc=com pagesize 1000 referrals off ldap_version 3 tls_cacertfile /etc/ssl/certs/ca-certificates.crt I tried The samba service is running but with a warning: ● samba-ad-dc.service - Samba AD Daemon Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2017-07-10 12:12:06 CEST; 3h 11m...

...CertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *********** uri ldap://yyyy.com host yyyy.com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=xxxx,dc=xxxx,dc=com binddn cn=Manager,dc=xxxx,dc=xxxx,dc=com bindpw TTTTT nss_base_passwd ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_passwd ou=Computers,dc=xxxx,dc=xxxx,dc=com?one nss_base_shadow ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_group ou=Groups,dc...

How do i get samba to accept a self signed certificate from my ldap server? I have a self signed CA that created a certifcate for my ldap server. I've added the CA to the openssl frame work. <ssl-base>certs/ca.pem and <ssl-base>certs/<ca hash>.0.pem Yet I still get errors from samba 3.0.2 Is it not possible? If I add in SSLeay libraries will that sort it? I beleived that

...ically 636 ssl start_tls # ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert.pem # tls_cacertfile /usr/local/certs/cacert.pem tls_cacert /usr/local/certs/cacert.pem # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-p...

...ved> rootbinddn cn=Manager,dc=som,dc=com bind_timelimit 30 idle_timelimit 3600 pam_password exop nss_base_passwd ou=People,dc=som,dc=com?one nss_base_shadow ou=People,dc=som,dc=com?one nss_base_group ou=Group,dc=som,dc=com?one nss_initgroups_ignoreusers root,ldap ssl off tls_cacertfile /etc/pki/tls/certs/hypothalamus.cer ===== #my nsswitch.conf file passwd: files ldap shadow: files ldap group: files ldap hosts: files dns wins networks: files dns bootparams: files ethers: files netmasks: files networks: files protocols: files rpc: files se...

Hello All, I have samba version 3.3.2 installed on a system running Ubuntu Server 9.04 (32-bit). The users trying to mount the samba shares authenticate over the LDAP server. Here is how my configuration files look like, 1. /etc/samba/smb.conf [global] server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program

...it&nbsp;1 nss_initgroups_ignoreusers&nbsp;root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm uri&nbsp;ldaps://auth1.xa.xxxx.com:636&nbsp;ldaps://auth2.xa.xxxx.com:636 ssl&nbsp;on tls_checkpeer&nbsp;yes tls_cacertdir&nbsp;/etc/openldap/cacerts tls_cacertfile&nbsp;/etc/openldap/cacerts/cacert.pem pam_password&nbsp;md5 bind_policy&nbsp;soft &nbsp; [root at xxxx&nbsp;~]#&nbsp;cat&nbsp;/etc/openldap/ldap.conf&nbsp; URI&nbsp;ldaps://auth1.xa.xxxx.com:636&nbsp;ldaps://auth2.xa.xxxx.com:636 BASE&nbsp;dc=xxxx,dc=co...

Hi All, Any thoughts on why, while everything seems ok at the OS level (getent , id -a ) Samba doesn't pickup any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using it's own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Do they use/accept different calls or could it be an

...AP port, LDAPS typically 636 ssl start_tls #ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key Any Tips what I am missing out on ????? I am trying to get authenticati...

I am trying to use a keytab for a client machine to authenticate to Samba's own LDAP server. The samba servers (replicated) are ubuntu 16.04 with samba 4.5.2 compiled from source. The client machine is ubuntu 16.04 with stock samba 4.3.11. It has been joined directly to the Samba domain ("net ads join"). I have also extracted a keytab ("net ads keytab create -P")

...9;ve got login authentication working, my /etc/ldap.conf: ## LDAP configuration file for pam_ldap module. ##host 128.223.78.85 ##host 128.223.78.80 host lauterbur.uoregon.edu base dc=lcni,dc=uoregon,dc=edu scope sub timelimit 30 pam_login_attribute uid pam_filter_class posixAccount ssl start_tls tls_cacertfile /usr/local/etc/cacert.pem tls_ciphers HIGH pam_filter &(objectClass=posixAccount)(description=lauterbur) ##nss_base_passwd ou=people,dc=lcni,dc=uoregon,dc=edu nss_base_passwd ou=People,dc=lcni,dc=uoregon,dc=edu nss_base_passwd ou=Computers,dc=lcni,dc=uoregon,dc=edu ##nss_base_shadow ou=people...

...c/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # SASL mechanism for PAM authentication - use is experimental # at present an...

...elimit. nslcd will close connections if the # server has not been contacted for the number of seconds. #idle_timelimit 3600 # Use StartTLS without verifying the server certificate. #ssl start_tls #tls_reqcert never # CA certificates for server certificate verification #tls_cacertdir /etc/ssl/certs #tls_cacertfile /etc/ssl/ca.cert # Seed the PRNG if /dev/urandom is not provided #tls_randfile /var/run/egd-pool # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use these, if your server requires client authentication. #tls_cert #tls_key # NDS mappings #map group u...

hi, I would like to know is it possible to make writing file to samba completely in kernel? I'm using a slow CPU (FA526) , and the memory copy is even slower. The reading performance is over 7 MB/s, with mmap and sendfile enabled, while writing is only 4-5 MB/s. Without mmap and sendfile, reading from samba is also about 4-5 MB/s. I use Oprofile to profile writing file to samba and found