Hi Steve,

2011/11/12 steve <[email protected]>:
> My smb conf looks like this:
>
> passdb backend = ldapsam:ldap://hh1.site
> idmap backend = ldap:ldap://hh1.site
> ldap ssl = start tls

Looks right.

>
> hh1.site is my FQDN and is also the CN for the CA and servercerts.
>

Good

> But I'm wondering. Since the samba and ldap servers are both on the same
> box, is that why TLS isn't working?

Nope. But you could disable ssl/tls in that case: "ldap ssl = off"

> Because it doesn't make sense to have
> it?

It doesn't make sense to use ssl/tls connections in your case, but it is not the reason your setup is not working.

> There is no communication between samba and ldap over the network as
> they are both on the same machine. Would this explain the errors:
>

No

>
> However, they can connect with:
>
> TLS_REQCERT never
> in
> /etc/openldap/ldap.conf

Yes, because you're missing your CA. If you want samba to connect to openldap over tls/ssl, you need something like this:

TLS_REQCERT hard
TLS_CACERT /path/to/your/ca.crt

>
> Confused!

Basically you either need to disable tls (ldapsam:ldap://.... and ldap ssl = off) or put your CA in your samba server and tell ldap where to find it.

Regards,
Norberto
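Added example, not part of the original message and not Samba or OpenLDAP code: a small Python check for the two outcomes described in the reply above, run over constructed smb.conf and ldap.conf text. The function names and finding labels are hypothetical, and it assumes that only an explicit "ldap ssl = start tls" counts as TLS being enabled.

```python
# Added example: finding labels and function names are hypothetical.
WEAK_REQCERT = {"never", "allow"}  # levels that let a bad server cert through

def parse_smb(text):
    """smb.conf style: 'key = value'; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[" ".join(key.lower().split())] = value.strip()
    return opts

def parse_ldap(text):
    """ldap.conf style: 'KEYWORD value'; keywords are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def audit(smb_text, ldap_text):
    """Return a list of finding labels for an ldapsam backend."""
    smb, ldap = parse_smb(smb_text), parse_ldap(ldap_text)
    backend = smb.get("passdb backend", "")
    if not backend.startswith("ldapsam:"):
        return []
    # Assumption: only an explicit 'start tls' is treated as TLS enabled.
    if smb.get("ldap ssl", "").lower() != "start tls":
        return ["cleartext"]  # the option the reply offers for a same-host setup
    findings = []
    if ldap.get("TLS_REQCERT", "").lower() in WEAK_REQCERT:
        findings.append("no-verify")  # connects, but the cert is not checked
    if "TLS_CACERT" not in ldap and "TLS_CACERTDIR" not in ldap:
        findings.append("no-ca")  # nothing to verify the server cert against
    return findings

# Constructed inputs, built from the settings quoted in the message.
SMB_TLS = "[global]\npassdb backend = ldapsam:ldap://hh1.site\nldap ssl = start tls\n"
SMB_OFF = "[global]\npassdb backend = ldapsam:ldap://hh1.site\nldap ssl = off\n"
LDAP_BEFORE = "TLS_REQCERT never\n"
LDAP_AFTER = "TLS_REQCERT hard\nTLS_CACERT /path/to/your/ca.crt\n"

if __name__ == "__main__":
    print(audit(SMB_TLS, LDAP_BEFORE))
    print(audit(SMB_TLS, LDAP_AFTER))
    print(audit(SMB_OFF, LDAP_BEFORE))
```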
