Have you set : TLS_CACERT ldap.conf of openldap (not /etc/ldap.conf) The common name in certificat, is it a host name resolvable ?
----------------------------------- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 27/07/2005 11:02:58 : > Goos morning all, > > I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0 > directory. I then enabled TLS between Samba and > OpenLDAP. > > The following tests succeeded: > s_server to s_client --> OK > slapd to s_client --> OK > slapd to OPenLDAP client commands (ldapsearch..) > --> OK > > The problem is the following: when I start Samba > (service smb start), slapd output returns: > > TLS trace: SSL_accept:SSLv3 flush data > tls_read: want=5, got=5 > 0000: 15 03 01 00 02 > ..... > tls_read: want=2, got=2 > 0000: 02 30 > .0 > TLS trace: SSL3 alert read:fatal:unknown CA > TLS trace: SSL_accept:failed in SSLv3 read client > certificate A > TLS: can't accept. > TLS: error:14094418:SSL > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca > s3_pkt.c:1052 > connection_read(14): TLS accept error error=-1 id=2, > closing > connection_closing: readying conn=2 sd=14 for close > > > May anyone tell me what is going wrong? > > Thank you > > > > > > > ___________________________________________________________________________ > Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger > Téléchargez cette version sur http://fr.messenger.yahoo.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
