On 11/11/2011 08:23 PM, zoolook wrote:
> 2011/11/11 steve<st...@steve-ss.com>:
>> On 11/11/2011 08:31 AM, steve wrote:
>>> Hi
>>> Scenario:
>>> LAN with openSUSE 11.4 Samba and LDAP server. Linux, win-xp and win7
>>> clients.
>>>
>>> Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls)
>>> Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error
>>
>> Solved?
>> Adding:
>> TLS_REQCERT never
>> to
>> /etc/openldap/ldap.conf
>> allows Windows to connect to the Samba domain with TLS.
>> Can anyone comment on the security of this workaround?
>> Thanks
>
> Or you can copy your servers' CA to your clients, in this case your
> Samba server, and use "TLS_REQCERT hard"
> Your solution works, but some other machine can impersonate your LDAP
> server and your smb server will never know the difference.
>
> Regards,
> Norberto

Hi
Thanks for the reply.
But then I'm back to the Samba not being able to use TLS errors as above,
no?
I made the workaround to get rid of the error. But I'll have a go. So,
on a Win 7 client, where do I put the CA cert?
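The two settings discussed in this thread can be told apart on the Samba/LDAP client host with a small audit of ldap.conf. This is an added example, not part of the original messages. It assumes the last occurrence of a repeated option wins, uses a placeholder CA path, and does not look at an LDAPTLS_REQCERT environment override or per-user ldaprc files.

```shell
#!/bin/sh
# Added example (not from the thread): report how strictly an OpenLDAP client
# config such as /etc/openldap/ldap.conf checks the LDAP server's certificate.

# Print the value of one ldap.conf option (option names are case-insensitive),
# skipping comment lines. Assumption: if repeated, the last occurrence wins.
conf_value() {  # usage: conf_value FILE OPTION_IN_UPPERCASE
    awk -v opt="$2" '
        /^[[:space:]]*#/ { next }
        toupper($1) == opt { val = $2 }
        END { print val }
    ' "$1"
}

audit_ldap_conf() {  # usage: audit_ldap_conf FILE
    level=$(conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    [ -n "$level" ] || level=demand   # ldap.conf(5): demand is the default
    ca=$(conf_value "$1" TLS_CACERT)
    [ -n "$ca" ] || ca=$(conf_value "$1" TLS_CACERTDIR)
    case $level in
        demand|hard)
            if [ -n "$ca" ]; then
                echo "OK: $level, CA from $ca"
            else
                echo "NOCA: $level, but no TLS_CACERT/TLS_CACERTDIR in $1"
            fi ;;
        never|allow)
            echo "WEAK: $level accepts a server certificate that cannot be verified" ;;
        try)
            echo "PARTIAL: try still proceeds when no server certificate is sent" ;;
        *)
            echo "UNKNOWN: TLS_REQCERT value '$level'" ;;
    esac
}

# Constructed sample configs: the workaround from the thread and the suggested
# alternative. The CA path is a placeholder, not a path from the thread.
demo() {
    d=$(mktemp -d)
    printf 'TLS_REQCERT never\n' > "$d/workaround.conf"
    printf 'TLS_CACERT /etc/ssl/certs/example-ca.pem\nTLS_REQCERT hard\n' > "$d/strict.conf"
    audit_ldap_conf "$d/workaround.conf"
    audit_ldap_conf "$d/strict.conf"
    rm -rf "$d"
}
demo
```

A NOCA result means certificate checking is on but this file names no CA to check against, so the CA certificate still has to be copied over and referenced.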