2011/11/11 steve <[email protected]>:
> On 11/11/2011 08:31 AM, steve wrote:
>>
>> Hi
>> Scenario:
>> Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7
>> clients.
>>
>> Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0]
>> lib/smbldap.c:731(smb_ldap_start_tls)
>> Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS
>> instruction:
>> Connect error
>>
>
> Solved?
> Adding:
>
> TLS_REQCERT never
>
> to
>
> /etc/openldap/ldap.conf
>
> allows windows to connect to the samba domain with TLS.
>
> Can anyone comment on the security of this workaround?
> Thanks

Or you can copy your server's CA to your clients, in this case your
samba server, and use "TLS_REQCERT hard"

Your solution works, but some other machine can impersonate your ldap
server and your smb server will never know the difference.

Regards,
Norberto
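
Added example (not part of the original thread, and not Samba or OpenLDAP code): a small shell check that classifies the certificate verification an ldap.conf file asks for, so the "TLS_REQCERT never" workaround discussed above can be spotted on a host. The function names are made up for this example, and treating the last occurrence of a repeated option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: classify the certificate checking configured in an
# OpenLDAP client file such as /etc/openldap/ldap.conf.
# Assumption of this example: when an option is repeated, the last
# occurrence is treated as the effective one.

# Print the value of the last occurrence of option $2 in file $1.
# Option names are matched case-insensitively; "#" lines are comments.
ldap_opt() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == want { val = $2 }
        END { print val }
    ' "$1"
}

# Print one verdict for file $1:
#   weak          server certificate is not verified (never, allow)
#   partial       try: a bad certificate is rejected, a missing one is not
#   strict        demand/hard with a CA file or directory configured
#   strict-no-ca  demand/hard (or unset, the default) but no CA in this file
#   unknown       unrecognised TLS_REQCERT value
audit_ldap_conf() {
    level=$(ldap_opt "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cafile=$(ldap_opt "$1" TLS_CACERT)
    cadir=$(ldap_opt "$1" TLS_CACERTDIR)
    case "${level:-demand}" in
        never|allow) echo weak ;;
        try)         echo partial ;;
        demand|hard)
            if [ -n "$cafile$cadir" ]; then echo strict
            else echo strict-no-ca; fi ;;
        *)           echo unknown ;;
    esac
}

# Audit the file given as the first argument, if any.
if [ -n "${1:-}" ]; then
    printf '%s: %s\n' "$1" "$(audit_ldap_conf "$1")"
fi
```

A "strict-no-ca" verdict means the file demands a valid certificate but names no CA itself, so the CA has to come from somewhere else for StartTLS to succeed.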
