Martin Ritchie wrote:
|
| Gerald (Jerry) Carter wrote:
|
|> Martin Ritchie wrote:
|> |
|> | How do I get samba to accept a self signed certificate
|> | from my ldap server?
|>
|> You need the openldap client libs to accept the cert.
|> See the howto at
|>
|> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
|
| I had the client libs set up to be the default i.e. tls_checkpeer was
| set to no. This worked fine for the nss_ldap client.
|
| I changed this to yes and gave the tls_cacertfile the ca file and things
| still worked for nss_ldap.
|
| However, I still get the same problem with samba. Am I doing something
| wrong?
|
| While I know this seems to have more of a LDAP focus I believe the
| problem is elsewhere. nss_ldap and pam_ldap both work fine with the
| /etc/ldap.conf settings yet samba 3.0.2 still gives a certificate error:
|
| error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
| verify failed
|
| Does someone have a ldap/samba setup using SSL rather than TLS with
| self-signed certs?
|
| Cheers
|

I don't know your filesystem in detail, but nss+pam_ldap has its own ldap.conf located at /etc/ldap.conf on my systems, and it seems on yours too. Anything else using the ldap libs has its configuration file, called ldap.conf, located in the same dir as the openldap server's slapd.conf, /etc/openldap/ldap.conf on my side. I also had to set LDAPCONF=/etc/openldap/ldap.conf in one of my initialisation scripts (/etc/profile.d/ldap.sh and /etc/profile.d/ldap.csh), but it may be just Mandrake 9.2 related.

Regards,
Geza
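
A check for the two-file situation described in the reply above, as an added example that is not part of the original message: it compares the CA file named by `tls_cacertfile` in the nss_ldap/pam_ldap file with the one named by `TLS_CACERT` in the file OpenLDAP client programs read. The function names are hypothetical, the default paths are the ones given in the post, and per-user `ldaprc` files and `TLS_CACERTDIR` are not considered.

```shell
#!/bin/sh
# Added example: compare the CA file seen by nss_ldap/pam_ldap with the one
# seen by programs linked against the OpenLDAP client library.
# Default paths are the ones named in the post; other systems may differ.

# Print the config file a libldap program would read: $LDAPCONF if set,
# otherwise the default passed as $1.
libldap_conf() {
    printf '%s\n' "${LDAPCONF:-${1:-/etc/openldap/ldap.conf}}"
}

# Print the value of keyword $1 (matched case-insensitively) from file $2.
# Comment lines are skipped; if the keyword repeats, the last value is printed.
conf_value() {
    [ -r "$2" ] || return 1
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { val = $2 }
        END { if (val == "") exit 1; print val }
    ' "$2"
}

# Return 0 when both files name the same CA file, 1 when the libldap file
# names none (or is unreadable), 2 when the two files disagree.
check_ldap_ca() {
    nss_conf=${1:-/etc/ldap.conf}
    lib_conf=$(libldap_conf "$2")
    nss_ca=$(conf_value tls_cacertfile "$nss_conf") || nss_ca=
    if ! lib_ca=$(conf_value TLS_CACERT "$lib_conf"); then
        echo "$lib_conf: TLS_CACERT not set" >&2
        return 1
    fi
    if [ "$nss_ca" != "$lib_ca" ]; then
        echo "CA differs: $nss_conf='$nss_ca' $lib_conf='$lib_ca'" >&2
        return 2
    fi
    echo "both use $lib_ca"
}
```

Source the file and run `check_ldap_ca` with no arguments to test the default paths, or pass the two config files explicitly.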
