Hello!

First of all, I run Debian woody (without X). I have an LDAP directory (with SSL/TLS OK) and PAM_LDAP authentication (login only, I have no system-auth file), which works with SSL/TLS too.

Now I would like a Samba (3.0.2a) that supports SSL/TLS and LDAP (of course).

I compiled this version of Samba like this:
./configure --with-ldapsam --prefix=/usr/local/samba --with-ssl
make
make install
No error!
testparm says: no error.
But when I try to connect my LDAP user (called testldap) from my Windows machine, I get:
"the option STARTTLS is not supported " in the log


So I ran: ldd /usr/local/samba/sbin/smbd
and I see libldap, liblber, libpam, etc., but NO libssl... :(

I reconfigured and reinstalled Samba like this:
./configure --with-ldap --prefix=/usr/local/samba -enabled-shared --with-tdbsam
make
make install
testparm says: unknown option "ldap port"
That's OK because I have not compiled Samba with the option --ldapsam, so I just commented out this line.


Then I read the smb.conf man page
and saw this:
default : ldap port = 636 if ldap ssl=on
default : ldap port= 389 if ldap ssl=off

So I put:
ldap ssl=off (then I turn on port 389 - the port of TLS)
ldap ssl= start tls (then I want TLS)

I tried to open a Windows session, and it works!!!
Or maybe it only seems to work...
I can open a session for the user testldap, and ssldump shows me some transactions/things on port 389, but (because there is always a BUT) the debug output of the LDAP server (option -d127) doesn't show me any TLS read or anything like that, and the password of the LDAP directory admin is in clear...


So does it work or not??
Is there someone who has already managed to set up Samba 3.x + LDAP + SSL/TLS???
Is it possible?

So, please, can someone help me?? I'm in a training period, and the time is almost finished...
Thanks,
Gabrielle


PS : debian woody (without X)
openldap 2.1.23
openssl 0.9.7d
samba 3.0.2a

PPS : my smb.conf

[global]
  workgroup = GABY
  netbios name = TESTG
  server string = Samba Server de Gaby
  security = user
  load printers = yes
  printing = cups
  log file = /usr/local/samba/var/log.%m
  max log size = 1000
  socket options = TCP_NODELAY
  local master = yes
  os level = 255
  domain master = yes
  preferred master = yes
  domain logons = yes
  logon path = \\%L\Profiles\%U
  wins support = yes
  dns proxy = no

logon drive = Z:
logon home = \\%L\profiles\%U
passdb backend = ldapsam:ldap://svrldap.tzm.fr
ldap suffix =  dc=tzm_fr
ldap admin dn = cn=admin,dc=tzm_fr
ldap machine suffix = ou=Computers,dc=tzm_fr

ldap user suffix = ou=People,dc=tzm_fr
ldap ssl = start tls
ldap ssl =off

[homes]
  comment = Home Directories
  browseable = no
  writable = yes
  create mask = 0700
  directory mask = 0700

[netlogon]
  comment = Network Logon Service
  path = /home/samba/netlogon
  guest ok = no
  writable = no
  share modes = no
  browseable = no

[Profiles]
   path = /home/samba/export/profiles
   browseable = no
   guest ok = yes
   writeable = yes
   create mask = 0700
   directory mask = 0700

[printers]
  comment = All Printers
  path = /tmp
  browseable = no
  guest ok = no
  writable = no
  printable = yes

[public]
  comment = Public Stuff
  path = /home/samba/public
  public = yes
  writable = yes
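
An added example, not part of the original post: a small Python check over the LDAP lines of the [global] section posted above (embedded here as a constructed excerpt). It assumes Samba keeps the last assignment when a parameter is repeated in one section, and reports the effective `ldap ssl` value and whether the ldapsam bind would then travel unencrypted.

```python
import re

# Constructed sample: the LDAP-related [global] lines from the post above.
SAMPLE = r"""
[global]
  workgroup = GABY
  passdb backend = ldapsam:ldap://svrldap.tzm.fr
  ldap admin dn = cn=admin,dc=tzm_fr
  ldap ssl = start tls
  ldap ssl =off

[homes]
  browseable = no
"""

def norm(name):
    # Samba ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {param: [(lineno, value), ...]} for the [global] section."""
    section, seen = None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            seen.setdefault(norm(key), []).append((lineno, value.strip()))
    return seen

def audit_ldap_transport(text):
    """Flag overridden settings and an LDAP bind that would go out in clear."""
    # Assumption: when a parameter is repeated, the last assignment wins.
    seen, findings = parse_global(text), []
    for key, vals in seen.items():
        if len(vals) > 1:
            findings.append(f"{key}: set {len(vals)} times, line {vals[-1][0]} wins ({vals[-1][1]!r})")
    vals = seen.get("ldapssl")
    ssl = norm(vals[-1][1]) if vals else None  # None: not set, default applies
    backend = seen.get("passdbbackend", [(0, "")])[-1][1]
    if "ldapsam:ldap://" in backend and ssl == "off":
        findings.append("ldapsam uses ldap:// with ldap ssl off: admin dn bind is unencrypted")
    return ssl, findings
```

Calling `audit_ldap_transport(open("smb.conf").read())` on a real file returns the effective setting and the list of findings; an empty list means no repeated parameter and no explicit cleartext bind was found.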
