-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Martin Ritchie �rta: | | | J�r�me Tournier wrote: | |> Le Wed, Feb 04, 2004 at 05:13:34PM +0000, Martin Ritchie a ecrit: |> |>> Is anyone using samba with an openldap backend? I've been trying to |>> get it to use a SSL connection without much success. Has anyone |>> managed to get it all to work? |> |> |> |> i've done a quick guide. You can have a look here : |> http://samba.idealx.org/dist/doc/smbldap-tools007.html | | | This guide only suggests using tls. I need to use SSL. | | So fully encrypted communication. | | The ldap server is setup with a self signed certificate. This all works | fine for unix logins and lookups. | | I can't get samba to go fully SSL with the server. | | running strace on the smbd server then running the smbclient on it shows | the server trying to connect to the ldap server. What it is writing is | this: | | write(22, "07\2\1\1`2\2\1\3\4$cn=Manager,dc=kelvin"..., 57) = 57 | | This doesn't look like SSL data to me. Looks plaintext. | | My smb.conf file is configure correctly I'm sure. | | ldap ssl = on | ldap port = 636 # Though this is not used | ldap server = ki(This is the FQDN) | passdb backend = ldapsam:ldaps://ki.kelvininstitute.com/ | | It is the ldap or ldaps that specifies the connection port. | | Sorry to go on about this but I'm beginning to get pressure to get this | working and I've run out of ideas about why it isn't working. | | Any help would be great | | Cheers | Your problem arives from using self signed certificate. While nss+pam_ldap would accept it standard ldap client (>=2.1.x) library based applications, like samba won't. You could convince yourself doing an ldapsearch ...... -X -ZZ, see the manpage for details.
For samba version 3.0.x you don't need ldap server, and ldap port parameters, I would suggest, to you, read that doc, mentioned earlier.
Regards,
Geza -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAI9rs/PxuIn+i1pIRApF2AJ9U196ZnqDL3xWlg/16Z4mw3LWghQCdGTg2 0JV3gMnyyYw2nTMoIOFOYcg= =8M5h -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
