RE [Samba] TLS connections between SambaOpenLDAP
Have you set TLS_CACERT in the ldap.conf of OpenLDAP (not /etc/ldap.conf)?

The common name in the certificate, is it a resolvable host name?

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A.
Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 27/07/2005 11:02:58:

> Good morning all,
>
> I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0 directory. I then enabled TLS between Samba and OpenLDAP. The following tests succeeded:
>
> s_server to s_client -- OK
> slapd to s_client -- OK
> slapd to OpenLDAP client commands (ldapsearch..) -- OK
>
> The problem is the following: when I start Samba (service smb start), slapd output returns:
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5 : 15 03 01 00 02 .
> tls_read: want=2, got=2 : 02 30 .0
> TLS trace: SSL3 alert read:fatal:unknown CA
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1052
> connection_read(14): TLS accept error error=-1 id=2, closing
> connection_closing: readying conn=2 sd=14 for close
>
> May anyone tell me what is going wrong?
>
> Thank you

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: RE [Samba] TLS connections between SambaOpenLDAP
> Have you set TLS_CACERT in the ldap.conf of OpenLDAP (not /etc/ldap.conf)?

No! I set it in /etc/ldap.conf.

> The common name in the certificate, is it a resolvable host name?

Yes, it is.
RE: RE [Samba] TLS connections between SambaOpenLDAP
> Have you set TLS_CACERT in the ldap.conf of OpenLDAP (not /etc/ldap.conf)?

Now that I set TLS_CACERT to the ca.pem file path in the appropriate ldap.conf, my slapd server returns (when I try to start smb services):

TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5, got=5 : 16 03 01 00 07 .
tls_read: want=7, got=7 : 0b 00 00 03 00 00 00 ...
tls_write: want=7, written=7 : 15 03 01 00 02 02 28 ..(
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1993

Any idea please?
Tr: RE: RE [Samba] TLS connections between SambaOpenLDAP
I think I guess what the error is. I've configured slapd to require a valid certificate for all TLS incoming sessions. However, I didn't create a certificate for the OpenLDAP client. I am going to do so.

--- Bahya NASSR EDDINE [EMAIL PROTECTED] wrote:

> Date: Wed, 27 Jul 2005 11:46:50 +0200 (CEST)
> From: Bahya NASSR EDDINE [EMAIL PROTECTED]
> Subject: RE: RE [Samba] TLS connections between SambaOpenLDAP
> To: [EMAIL PROTECTED], samba@lists.samba.org, openldap-software@OpenLDAP.org
>
> > Have you set TLS_CACERT in the ldap.conf of OpenLDAP (not /etc/ldap.conf)?
>
> Now that I set TLS_CACERT to the ca.pem file path in the appropriate ldap.conf, my slapd server returns (when I try to start smb services):
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5 : 16 03 01 00 07 .
> tls_read: want=7, got=7 : 0b 00 00 03 00 00 00 ...
> tls_write: want=7, written=7 : 15 03 01 00 02 02 28 ..(
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client certificate B
> TLS trace: SSL_accept:error in SSLv3 read client certificate B
> TLS: can't accept.
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate s3_srvr.c:1993
>
> Any idea please?
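
Added example, not part of the original thread and not Samba or OpenLDAP code: a small decoder for the raw record bytes that slapd printed in the two traces quoted above, showing what each side actually sent. The function and dictionary names are made up for this illustration; the numeric code points are the standard TLS 1.0 values.

```python
# Added example: decode the TLS record bytes printed in the slapd traces above.
# Numeric values are the standard TLS 1.0 (RFC 2246) code points.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 42: "bad_certificate",
                      45: "certificate_expired", 46: "certificate_unknown",
                      48: "unknown_ca"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   13: "certificate_request", 16: "client_key_exchange"}


def decode_record(hex_bytes):
    """Decode one TLS record given as hex: 5-byte header followed by the body."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, body = raw[0], raw[5:]
    length = int.from_bytes(raw[3:5], "big")
    if length != len(body):
        raise ValueError(f"header says {length} body bytes, got {len(body)}")
    info = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": (raw[1], raw[2])}  # (3, 1) is TLS 1.0
    if ctype == 0x15 and length == 2:
        info["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        info["description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
    elif ctype == 0x16 and length >= 4:
        info["handshake"] = HANDSHAKE_TYPES.get(body[0], f"unknown({body[0]})")
        msg = body[4:4 + int.from_bytes(body[1:4], "big")]
        if body[0] == 11 and len(msg) >= 3:
            # A Certificate message starts with a 3-byte certificate_list length;
            # zero means the peer answered the request with no certificate.
            info["cert_list_bytes"] = int.from_bytes(msg[0:3], "big")
    return info


# Bytes copied from the tls_read / tls_write lines quoted in the thread.
TRACES = {
    "first trace, alert read by slapd": "15 03 01 00 02 02 30",
    "second trace, record read by slapd": "16 03 01 00 07 0b 00 00 03 00 00 00",
    "second trace, alert written by slapd": "15 03 01 00 02 02 28",
}

if __name__ == "__main__":
    for label, hex_bytes in TRACES.items():
        print(label, "->", decode_record(hex_bytes))
```

The first trace decodes to a fatal unknown_ca alert sent by the client, which rejected slapd's certificate. The second decodes to a Certificate message with an empty certificate list from the client, followed by slapd's own fatal handshake_failure alert.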