I think I guess what the error is. I've configured slapd to require a valid certificate for all TLS incoming sessions. However, I didn't create a ertificate for OpenLDAP client. I am going to do so.
--- Bahya NASSR EDDINE <[EMAIL PROTECTED]> a écrit : > Date: Wed, 27 Jul 2005 11:46:50 +0200 (CEST) > De: Bahya NASSR EDDINE <[EMAIL PROTECTED]> > Objet: RE: RE [Samba] TLS connections between > Samba&OpenLDAP > À: [EMAIL PROTECTED], samba@lists.samba.org, > openldap-software@OpenLDAP.org > > > > Have you set : > > > > TLS_CACERT ldap.conf of openldap (not > > /etc/ldap.conf) > Now that I set TLS_CACERT to ca.pem file path in the > appropriate ldap.conf, my slapd server returns (when > I > try to start smb services): > > TLS trace: SSL_accept:SSLv3 flush data > tls_read: want=5, got=5 > 0000: 16 03 01 00 07 > > ..... > tls_read: want=7, got=7 > 0000: 0b 00 00 03 00 00 00 > > ....... > tls_write: want=7, written=7 > 0000: 15 03 01 00 02 02 28 > > ......( > TLS trace: SSL3 alert write:fatal:handshake failure > TLS trace: SSL_accept:error in SSLv3 read client > certificate B > TLS trace: SSL_accept:error in SSLv3 read client > certificate B > TLS: can't accept. > TLS: error:140890C7:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not > return a certificate s3_srvr.c:1993 > > > Any idea please? > > > > > > > > ___________________________________________________________________________ > > Appel audio GRATUIT partout dans le monde avec le > nouveau Yahoo! Messenger > Téléchargez cette version sur > http://fr.messenger.yahoo.com > ___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba