search for: tls_checkpeer

Displaying 20 results from an estimated 30 matches for "tls_checkpeer".

2010 Jan 21
0
Samba/Winbind 3.4.4 on AIX 5.3 TL 10 does not retrieve ANY User's Secondary Groups
...ummary =================== uri ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/ ldap_version 3 sudoers_base ou=SUDOers,dc=peps,dc=local binddn <bind user> bindpw <bind user pwd> bind_timelimit 3000 timelimit 3 ssl yes tls_checkpeer (no) tls_cacertdir /etc/openldap/cacerts/ =================== sudo: ldap_initialize(ld, ldaps://pepsdc1.peps.local/ ldaps://pepsdc2.peps.local/) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_checkpeer -> 0 sudo: ldap_set_option:...
2009 Mar 27
1
Unable to add machine accounts
...m on Google. Any other suggestions? Thanks! I'm running samba 3.0.33 on RHEL 5. /etc/ldap.conf (nss_ldap.conf on other distros): uri ldap://ldap.nebrwesleyan.edu base o=NebrWesleyan.edu,o=isp timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap ssl start_tls tls_checkpeer no The [global] section of smb.conf: [global] server string = Huxley workgroup = NWU_HUXLEY netbios name = Huxley log level = 1 log file = /var/log/samba/%U.%m.log max log size = 102400 add machine script = /usr/sbin/smbldap-useradd -t 10 -w '%m' bind interfaces only = true interfaces...
2006 Nov 06
1
Samba with AD
...e SDK LDAPS #ssl on # Netscape SDK SSL options #sslpath /etc/ssl/certs/cert7.db # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls #ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use...
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
...shadow ou=people,dc=ourdomain,dc=com?one nss_base_group ou=group,dc=ourdomain,dc=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relev...
2010 Nov 21
0
LDAP clients fail to connect with SSL enabled
...SSL options # Require and verify server certificate (yes/no) # Default is to use libldap's default behavior, which can be configured in # /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs # SSL cipher suite # See man ciphers for syntax #tls_ciphers TLSv1 # Client certificate and key # Use the...
2013 Feb 15
1
Problem with User and Group Ownership listing
...shadow ou=people,dc=ourdomain,dc=com?one nss_base_group ou=group,dc=ourdomain,dc=com?one # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl no # OpenLDAP SSL options # Require and verify server certificate (yes/no) #tls_checkpeer yes # CA certificates for server certificate verification tls_cacertfile /etc/openldap/cacerts/cacert.pem tls_cacertdir /etc/openldap/cacerts # Client certificate and key tls_cert /etc/openldap/cacerts/servercert.pem tls_key /etc/openldap/cacerts/serverkey.pem Relev...
2004 May 27
3
Samba Ldap tls/ssl problem
...12 #TIMELIMIT 15 #DEREF never TLS_CACERT /usr/local/etc/openldap/server.pem # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" tls_cacertfile /usr/local/etc/openldap/server.pem #tls_cacertdir /etc/ssl/certs I'm very grateful for your answer Peter Nyberg Institutionen för Biokemi och Biofysik (DBB) Sv.Arrhenius vägen 12 106 91 Stockholm Tel: 08-16 24 69 Mobil: 070 339 24 69 Fax 08 153679
2005 Mar 07
2
TLSVerifyClient demand or try
...by * none Here's my ldap.conf HOST s2.dbb.su.se BASE dc=dbb,dc=su,dc=se rootbinddn cn=nssldap,ou=DSA,dc=dbb,sc=su,dc=se nss_base_passwd dc=dbb,dc=su,dc=se?sub nss_base_shadow dc=dbb,dc=su,dc=se?sub nss_base_group ou=Groups,dc=dbb,dc=su,dc=se?one pam_password md5 tls_checkpeer yes TLS_CACERT /etc/ldap/ca.pem TLS_REQCERT demand ssl start_tls tls_cert /etc/nss/nssldap.pem tls_key /etc/nss/nssldap.key I can neither login through ssh or login when TLSVerifyClient is set to demand or try. Please enlighten me here. Thanks Peter Peter Nyberg Institutionen för Biokemi och Biof...
2006 Jul 18
1
Weird startup problems TLS & SSL openldap and samba 3.0.23
...ad by anonymous auth security tls=1 TLSCACertificateFile /etc/openldap/ca.crt TLSCertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *********** uri ldap://yyyy.com host yyyy.com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key /etc/openldap/server.key tls_cacertfile /etc/openldap/ca.crt base dc=xxxx,dc=xxxx,dc=com binddn cn=Manager,dc=xxxx,dc=xxxx,dc=com bindpw TTTTT nss_base_passwd ou=Users,dc=xxxx,dc=xxxx,dc=com?one nss_base_passwd ou=Computers,dc=xxxx,dc=xxxx,dc=com?on...
2010 Dec 13
1
Specifying 2 LDAP Server for auth
Hi ! We are planning on deploying an ldap master and replica to serve as our new authentication server for our soon to be RedHat cluster. But, we need to be able to function if the master is down for whatever reason. So, I tried to specify 2 servers in the setup-authentification servername section, separated by a comma, but it doesn't seem to work. So, is it possible to specify 2 ldap
2004 Feb 10
2
Self Signed SSL Certificate from ldap server
How do I get samba to accept a self signed certificate from my ldap server? I have a self signed CA that created a certificate for my ldap server. I've added the CA to the openssl framework. <ssl-base>certs/ca.pem and <ssl-base>certs/<ca hash>.0.pem Yet I still get errors from samba 3.0.2 Is it not possible? If I add in SSLeay libraries will that sort it? I believed that
2014 Jan 26
1
Configuring RHEL6 Samba4 DC for local accounts
...) and added entries to /etc/pam_ldap.conf so it ends up looking like this: base dc=ad,dc=example,dc=com binddn "CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com" bindpw "penguin5t0ry" pam_password md5 uri ldap://ad.example.com ssl no tls_cacertdir /etc/openldap/cacerts tls_checkpeer no Doing a search from the command line works: $ ldapsearch -x -H ldap://ad.example.com -D 'CN=Unix LDAP,OU=Service Accounts,DC=ad,DC=example,DC=com' -W cn=netdirect uidNumber gidNumber cn unixHomeDirectory Enter LDAP Password: # netdirect, Staff, ad.example.com dn: CN=netdirect,OU=Staf...
2007 Jun 07
0
urgent: winbind doesn't see groups from samba pdc+ldap
...nss_base_passwd ou=users,dc=aag?one nss_base_passwd ou=computers,dc=aag?one nss_base_shadow ou=users,dc=aag?one nss_base_group ou=groups,dc=aag?one TLS_CACERT /etc/ldap/certs/cacert.pem TLS_CERT /etc/ldap/certs/memberserver_cert.pem TLS_KEY /etc/ldap/certs/memberserver_key.pem TLS_CHECKPEER yes SSL start_tls TLS_REQCERT allow It makes no difference if I activate TLS or not. ****************************** /etc/nsswitch.conf ****************************** passwd: files ldap winbind group: files ldap winbind shadow: files ldap winbind hosts:...
2008 Sep 08
0
wrong userPassword hash generated by smbpasswd (pam_password=exop and smbk5pwd ) on a samba+ldap PDC running on FreeBSD
...etc/ldap.conf /usr/local/etc/ldap.conf -> nss_ldap.conf * Excerpt from the nss_ldap.conf file pam_password clear pam_password exop nss_base_passwd ou=People,dc=XXXX?one nss_base_passwd ou=Hosts,dc=XXXX?one nss_base_shadow ou=People,dc=XXXX?one nss_base_group ou=Group,dc=XXXX?one ssl start_tls tls_checkpeer yes -- /usr/local/etc/openldap/slapd.conf (the ldap server is on another box): -- moduleload smbk5pwd.so security tls=1 password-hash {CRYPT} password-crypt-salt-format "$1$%.8s" database bdb #(...) overlay smbk5pwd --
2005 Apr 21
0
Problem with groups & joining domain.- LDAP
...supported # AuthPassword mappings #nss_map_attribute userPassword authPassword # OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls # ssl on # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is "no" tls_checkpeer no TLS_REQCERT allow # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" # tls_cacertfile /etc/ssl/ca.cert # tls_cacertdir /etc/ssl/certs # tls_cacertdir /usr/local/certs/demoCA # tls_cacertfile /usr/local/certs/servercert...
2010 Oct 06
2
LDAP authentication on a remote server (via ldaps://) [SOLVED]
...acerts > > 2. Make sure you know the difference between /etc/ldap.conf and > /etc/openldap/ldap.conf. The former is used by nss_ldap, the > latter by openldap clients. > > 3. Does /etc/ldap.conf have all the correct TLS entries, e.g., > > ssl start_tls > tls_checkpeer yes > tls_cacertdir /etc/openldap/cacerts > > Additionally, I've had trouble using the "uri" directive > in /etc/ldap.conf, esp. with encrypted connections. The > "host" and "port" directives have worked better for me. > > 4. D...
2011 Apr 28
2
LDAPs causing System Message Bus to hang when there's no network
...unfortunately nothing actually solves it. Here's my /etc/ldap.conf file: ################# ldap_version 3 base ou=people,o=xxx uri ldaps://server1.domain.be/ ldaps://server2.domain.be/ bind_policy soft scope sub timelimit 3 bind_timelimit 5 idle_timelimit 120 referrals no ssl start_tls ssl on tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts ################# And the relevant nsswitch: ################# passwd: files ldap shadow: files ldap group: files ldap ################# So that's pretty straightforward. My LDAP systems are running fine, and I can authenticate to them. However, the p...
2010 Jun 10
1
operation on the client is slow when openldap servers are down
... base dc=xxxx,dc=com timelimit 1 bind_timelimit 1 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm uri ldaps://auth1.xa.xxxx.com:636 ldaps://auth2.xa.xxxx.com:636 ssl on tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts tls_cacertfile /etc/openldap/cacerts/cacert.pem pam_password md5 bind_policy soft [root at xxxx ~]# cat /etc/openldap/ldap.conf URI ldaps://auth1.xa.xxxx.c...
2011 May 24
4
securing ldap with tls and security
Hello, I'm trying to set up a centos 5.3 machine to do authentication via openldap. I've got it working, I'm not sure if I have it 100% right, but I can use ldapsearch to query the directory, use finger, id, chown, and other utilities with ldap usernames and groups, log in via ssh as an ldap user and if it's a new user automatically have the home directory created. Having got this
2010 Oct 06
2
LDAP authentication on a remote server (via ldaps://)
Hello, I have a central repository of users/groups based on OpenLDAP which is working on a remote LAN (servers share users credentials and mount their home directories via NFS). They use non-encrypted ldap restricted to the local network. Now, I have a few servers in our local office and I would like them to authenticate from the remote LDAP server using encryption via ldaps://. (at this stage,