Trying to get LAM to talk to Samba via ldaps.

Error message:

    Cannot connect to specified LDAP server. Please try again. (-1) LDAP error, server says: Can't contact LDAP server - error:0A000086:SSL routines::certificate verify failed (unable to get local issuer certificate)

Wireshark says:

    Alert (Level: Fatal, Description: Unknown CA)

I've tried the Import from Server under General settings, which imports fine, but never works. I feel like this should be an easy procedure, but I can never get it to work with encryption enabled.

    Common name           Valid to     Serial number   Delete
    dc5.rmc.example.edu   2027-09-14   1115614824

I tried editing the /etc/openldap/ldap.conf on the LAM server to include what is called the cacert.pem in the documentation as referenced at:
https://www.ldap-account-manager.org/static/doc/manual/apbs03.html

cacert.pem does not exist, so I've tried the Samba generated ca.pem and cert.pem, with a reboot between the two tries.

    TLS_CACERT /etc/openldap/certs/dc5-ca.pem
    #TLS_CACERT /etc/openldap/certs/dc5-cert.pem

A few years ago I also tried to get this to work, to no avail. I tried manually importing the certs and CA, but never got it to work. I tried generating self-signed certs on the Samba server as outlined at:
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC

I also tried setting up my own CA, but didn't find much documentation and never got that working.

I feel like I'm doing something fundamentally wrong. Would this work better if I installed LAM on Debian or Ubuntu instead of Alma? We'd rather use in-house certs, but should we just buy a commercial, trusted cert? If so from whom, and what type of certs, for what uses, including what additional names? Should I look into setting up a CA again? If so, any pointers to a good guide? What are most people doing?

I've installed plenty of web server SSL certs, and manually renewed Samba certs, but I just can't get this to work.

Thanks for any help or pointers to a step-by-step procedure that anyone can provide!

Larry
_______________________________________________
Lam-public mailing list
https://lists.sourceforge.net/lists/listinfo/lam-public
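
A check for the two TLS_CACERT attempts described in the post, as an added example that is not part of the original message or of the LAM or Samba documentation. It builds a throwaway CA and server certificate (constructed; `dc.example.test` and all file names are placeholders) and shows that `openssl verify` accepts the CA certificate as a trust file but rejects the server certificate used as one, with the same "unable to get local issuer certificate" text.

```shell
#!/bin/sh
# Added example. All certificates are constructed throwaways; the host name
# dc.example.test and the file names are placeholders, not the poster's files.

make_demo_pki() {   # $1 = working directory
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed CA certificate: the kind of file a CA trust setting expects.
    openssl req -x509 -config "$1/pki.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    # Server key and CSR, then a server certificate signed by that CA.
    openssl req -new -config "$1/pki.cnf" -subj "/CN=dc.example.test" \
        -newkey rsa:2048 -nodes -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/cert.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to a CA in trust file $1.
trust_file_verifies() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    printf '%s\n' "$out"
    case $out in *": OK"*) return 0 ;; *) return 1 ;; esac
}

# True when subject and issuer match, i.e. the file holds a root CA
# certificate rather than a server certificate issued by one.
is_self_issued() {
    [ "$(openssl x509 -noout -subject_hash -in "$1")" = \
      "$(openssl x509 -noout -issuer_hash -in "$1")" ]
}

demo=$(mktemp -d)
make_demo_pki "$demo"
# CA certificate as the trust file: the server certificate verifies.
trust_file_verifies "$demo/ca.pem" "$demo/cert.pem"
# Server certificate as the trust file: its issuer is missing, so it fails.
trust_file_verifies "$demo/cert.pem" "$demo/cert.pem" \
    || echo "rejected: issuer not in the trust file"
is_self_issued "$demo/ca.pem" && echo "ca.pem is a root CA certificate"
```

The two helper functions take ordinary PEM paths, so they can be pointed at a candidate trust file and a certificate saved from the server.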
