Displaying 19 results from an estimated 19 matches for "tls_key".
2006 Jul 18
1
Weird startup problems TLS & SSL openldap and samba 3.0.23
...'ve included the configuration files for samba and ldap.
I've hidden the actual hostname and DIT. Thanks!
/etc/openldap/ldap.conf
**********************
URI ldaps://yyyy.com <-
BASE dc=xxxx,dc=xxxx,dc=com
TLS_REQCERT demand
TLS_CACERT /etc/openldap/ca.crt
TLS_CERT /etc/openldap/server.crt
TLS_KEY /etc/openldap/server.key
/etc/openldap/slap.conf
******************
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/op...
2017 Jan 26
0
[nbdkit PATCH v2 4/6] plugins: Add new nbdkit_set_error() utility function
...n a reply.
*
* The main thread does not have any associated TLS, *unless* it is
* serving a request (the '-s' option).
@@ -56,6 +58,7 @@ struct tls {
size_t instance_num; /* Can be 0. */
struct sockaddr *addr;
socklen_t addrlen;
+ int err;
};
static pthread_key_t tls_key;
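Review bot: the new `int err;` member of `struct tls` carries no comment, while `instance_num` just above it documents its range ("Can be 0."). Say what the field holds and which value means "no error set", and confirm it is initialised when the struct is allocated, since the visible lines show no initialiser for it.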
@@ -150,3 +153,24 @@ tls_get_instance_num (void)
return tls->instance_num;
}
+
+void
+tls_set_error (int err)
+{
+ struct tls *tls = pthread_getspecific (tls_key);
+
+ if (tls)
+ tls->err = err;
+ else
+ errno = err;
+}
+
+int
+tls_get_error (void)
+{
+ int err = errno;
+ str...
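Review bot: in `tls_set_error`, the `else errno = err;` branch leaves the value in `errno` when the thread has no TLS, and any later library call can overwrite `errno` before the value is read back. Neither new function has a doc comment; add one that states when the fallback is taken (the file header says the main thread has no TLS unless it is serving a request with '-s') and that the stored error is only best-effort on that path.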
2010 Jul 20
1
nss_pam against centos-ds fails for non-root users
...:21:48:38 +0200] conn=14 fd=65 slot=65 SSL connection from
192.168.1.2 to 192.168.1.2.
[20/Jul/2010:21:48:38 +0200] conn=14 op=-1 fd=65 closed - Encountered
end of file.
The only entries in my /etc/ldap.conf are those:
tls_cacertfile /etc/nss/ca.example.org-cert.pem
tls_cert /etc/nss/nss-cert.pem
tls_key /etc/nss/nss-key.pem
The nss-{key,cert}.pem may be used to bind at the following DN:
dn: cn=nss,ou=Special Users,dc=example,dc=org
objectClass: top
objectClass: person
cn: nss
sn: nss
Again: It works for user root!
$ ls -l /etc/ldap.conf /etc/nss/
-rw-r--r-- 1 root root 9186 Jul 20 22:05 /etc/ld...
2013 Aug 05
1
TLS between winbind and openldap
...comment = Home directories
browseable = yes
writable = yes
create mask = 0640
directory mask = 0750
valid users = %S
##/etc/ldap/ldap.conf
URI ldap://omv.domain.local
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT demand
##/root/ldaprc
TLS_CERT /etc/ssl/certs/omv-domain-local.crt
TLS_KEY /etc/ssl/private/omv-domain-local.key
Let me say also that ca-certificates.crt contains the certificate for my
self signed authority.
What am I missing to make it run smoothly?
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
...ify server certificate (yes/no)
#tls_checkpeer yes
# CA certificates for server certificate verification
tls_cacertfile /etc/openldap/cacerts/cacert.pem
tls_cacertdir /etc/openldap/cacerts
# Client certificate and key
tls_cert /etc/openldap/cacerts/servercert.pem
tls_key /etc/openldap/cacerts/serverkey.pem
Relevant parts of /etc/pam.d/system-auth:
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet...
2013 Feb 15
1
Problem with User and Group Ownership listing
...ify server certificate (yes/no)
#tls_checkpeer yes
# CA certificates for server certificate verification
tls_cacertfile /etc/openldap/cacerts/cacert.pem
tls_cacertdir /etc/openldap/cacerts
# Client certificate and key
tls_cert /etc/openldap/cacerts/servercert.pem
tls_key /etc/openldap/cacerts/serverkey.pem
Relevant parts of /etc/pam.d/system-auth:
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet...
2005 Mar 07
2
TLSVerifyClient demand or try
...,dc=dbb,sc=su,dc=se
nss_base_passwd dc=dbb,dc=su,dc=se?sub
nss_base_shadow dc=dbb,dc=su,dc=se?sub
nss_base_group ou=Groups,dc=dbb,dc=su,dc=se?one
pam_password md5
tls_checkpeer yes
TLS_CACERT /etc/ldap/ca.pem
TLS_REQCERT demand
ssl start_tls
tls_cert /etc/nss/nssldap.pem
tls_key /etc/nss/nssldap.key
I can neither log in through ssh nor log in when TLSVerifyClient is set to demand
or try. Please enlighten me here.
Thanks
Peter
Peter Nyberg
Institutionen för Biokemi och Biofysik (DBB)
Sv.Arrhenius vägen 12
106 91 Stockholm
Tel: 08-16 24 69
Mobil: 070 339 24 69
Fax 08 153679
2010 Dec 30
1
Samba OpenLDAP TLS
Dear Samba friends,
I have setup a samba server 3.5 on FreeBSD 8.1-RELEASE-p2 with
openldap-sasl-server-2.4. I have specified ``TLSVerifyClient demand'' in
slapd.conf and want to enforce the clients to connect and show a
valid certificate to the ldap server. As far as I have understood, Samba
will act as a client as well and in order to access the ldap server it will
need a client
2007 Jun 07
0
urgent: winbind doesn't see groups from samba pdc+ldap
...aag
URI ldap://erde.aag:389 ldap://mond.aag:389
nss_base_passwd ou=users,dc=aag?one
nss_base_passwd ou=computers,dc=aag?one
nss_base_shadow ou=users,dc=aag?one
nss_base_group ou=groups,dc=aag?one
TLS_CACERT /etc/ldap/certs/cacert.pem
TLS_CERT /etc/ldap/certs/memberserver_cert.pem
TLS_KEY /etc/ldap/certs/memberserver_key.pem
TLS_CHECKPEER yes
SSL start_tls
TLS_REQCERT allow
It make no difference if I activate TLS or not.
******************************
/etc/nsswitch.conf
******************************
passwd: files ldap winbind
group: fi...
2009 Feb 18
1
samba can not contact the ldap server
...olicy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# equivalent to TLS_CACERT
TLSCertificateFile /etc/ssl/ldapcert.pem
# self-signed certificate
# equivalent to TLS_KEY
TLSCertificateKeyFile /etc/ssl/ldapkey.pem
# private key
# equivalent to TLS_CERT
TLSCACertificateFile /etc/ssl/demoCA/cacert.pem
# Certificate Authority
# this is equivalent to TLS_REQCERT
#TLSVerifyClient allow
#TLSVerifyClient try
#TLSVerifyClient demand
#Verfa...
2017 Jan 26
10
[nbdkit PATCH v2 0/6] bind .zero to Python
Fix some things I noticed while reviewing v1, and follow Rich's
idea to add a new nbdkit_set_error() utility function with a
binding for Python users to request a particular error (rather
than being forced to live with whatever stale value is in errno
after all the intermediate binding glue code).
I could not easily find out how to register a C function callable
from perl bindings, and have
2006 Nov 06
1
Samba with AD
...least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
Any Tips what I am missing out on ????? I am trying to get authentication working with SAMBA through to AD
Regards
Pashii
2017 Jan 27
6
[nbdkit PATCH v3 0/4] bind .zero to Python
This cleans up the existing code base with regards to implicit
use of errno from language bindings, then rebases the previous
work in python on top of that.
I'm still playing with the perl bindings, but got further after
reading 'perldoc perlembed'.
Eric Blake (4):
plugins: Don't use bogus errno from non-C plugins
plugins: Add new nbdkit_set_error() utility function
python:
2010 Nov 21
0
LDAP clients fail to connect with SSL enabled
...t least one of these are required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
uri ldap://ldap.summitnjhome.com/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password crypt
This is how my nsswitch on the client side is setup:
passwd: files lda...
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
...tdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# NDS mappings
#map group uniqueMember member
# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSF...
2005 Apr 21
0
Problem with groups & joining domain.- LDAP
...ls_cacert /usr/local/certs/cacert.pem
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
tls_ciphers HIGH:MEDIUM:SSLv2
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sas...
2009 Mar 04
0
Can anyone comment on my setup?
...le /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sas...
2005 May 05
2
Fwd: Follow Up - Problem with groups & joining domain.- LDAP
...tls_cacert /usr/local/certs/cacert.pem
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
tls_ciphers HIGH:MEDIUM:SSLv2
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sas...
2005 Jun 22
2
Problem Connecting from Windows to Samba-OpenLDAP PDC
...le /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0
# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sas...