[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] Samba 3.3 ldap tools
From:       Juan_Asensio_Sánchez <okelet () gmail ! com>
Date:       2010-06-30 6:37:04
Message-ID: AANLkTimGXGEe4-YYqxTpZjpjXGLhwlpE8Eaj6WPUCHrW () mail ! gmail ! com
[Download RAW message or body]

These connections that give error are stablished with the ldap system libs,
not with smbldap-tools (that use perl), so you have to configure your system
to use your certificates (etc/{ldap,openldap}/ldap.conf).

regards.

2010/6/30 Indexer <indexer@internode.on.net>

> I am currently trying to setup my Samba server to act as a samba PDC, with
> ldap as a backend. I have a selfsigned CA, that has signed the certificates
> to my ldap server.
>
> Starting my smbd, i keep getting the message
>
> smb_ldap_setup_connection: ldap://ldap.streetgeek.lan/
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 1 try!
> smbldap_open: already connected to the LDAP server
> Failed search for base: dc=dev,dc=gamersalliance,dc=net,dc=au, error: -1
> (Can't contact LDAP server) (error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed
> certificate in certificate chain))
>
> I have set in smbldap-tools.conf to verify="allow", as well as in ldap.conf
> to TLS_REQCERT = allow, so i dont understand why this is happening. All of
> my systems are pointed to the same cacert file so i doubt that it is
> confusing certificates. Are there any other options i should be considering?
>
> Thanks
>
> William
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
[prev in list] [next in list] [prev in thread] [next in thread]