On 11/12/2011 06:52 PM, zoolook wrote:
2011/11/11 steve <st...@steve-ss.com>:
So, on a win 7 client, where do I put the CA cert?
You don't :-)

Win will talk to samba. Samba talks to OpenLDAP over a tls connection.

From my experience (since -from my pov- it is not clear in the docs), Samba needs:

         passdb backend = ldapsam:ldaps://ldap.yourdomain.tld
         ldap ssl = off

Or

         passdb backend = ldapsam:ldap://ldap.yourdomain.tld
         ldap ssl = start tls



BTW, the CN in the certificate must match the ldap URI in smb.conf. In
other words, if your certificate was created using CN=ldap.mydomain,
and you put ldapsam:ldap://localhost in smb.conf, it won't work.

HTH,
Norberto

Hi Norberto

My smb conf looks like this:

passdb backend =  ldapsam:ldap://hh1.site
idmap backend = ldap:ldap://hh1.site
ldap ssl = start tls

hh1.site is my FQDN and is also the CN for the CA and servercerts.

But I'm wondering. Since the samba and ldap servers are both on the same box, is that why TLS isn't working? Because it doesn't make sense to have it? There is no communication between samba and ldap over the network as they are both on the same machine. Would this explain the errors:

The windows clients can login but are denied access to their home folder:

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0]
lib/smbldap.c:731(smb_ldap_start_tls)
Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction:
Connect error

However, they can connect with:

TLS_REQCERT never
in /etc/openldap/ldap.conf

Confused!
Thanks for your patience.
Steve
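As an added example (not code from the Samba project or from either poster), the script below checks a Samba smb.conf and an OpenLDAP ldap.conf against the rules laid out in this thread: `ldaps://` goes with `ldap ssl = off`, `ldap://` goes with `ldap ssl = start tls`, and the host in the LDAP URI must match the name in the server certificate (so `localhost` against a certificate for `hh1.site` is flagged). It also flags `TLS_REQCERT never` (and `allow`), because those values tell the OpenLDAP client library to stop enforcing verification of the server certificate, which is why the connection "works" with them while the real cause of the StartTLS failure stays hidden. The config texts and the certificate names are constructed inputs passed in as strings and a list; `lint`, `parse_smb_conf`, `ldap_uris`, `name_matches` and `tls_reqcert` are names chosen for this example.

```python
"""Lint Samba <-> OpenLDAP TLS settings (added example, not Samba code)."""
import re
from urllib.parse import urlsplit

# Pairings stated in the thread: URI scheme -> expected 'ldap ssl' value.
PAIRINGS = {"ldaps": "off", "ldap": "start tls"}


def parse_smb_conf(text):
    """Return {key: value} for 'key = value' lines; keys are lowercased."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            params[re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return params


def ldap_uris(backend_value):
    """Pull ldap:// or ldaps:// URIs out of 'ldapsam:ldap://host' style values."""
    return [m.group(1) for token in backend_value.split()
            for m in [re.search(r"(ldaps?://\S+)", token)] if m]


def name_matches(host, cert_names):
    """True if host equals a certificate name, or matches a '*.domain' wildcard."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def tls_reqcert(ldap_conf_text):
    """Return the TLS_REQCERT value from ldap.conf, or None if unset (OpenLDAP defaults to 'demand')."""
    for line in ldap_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].upper() == "TLS_REQCERT":
            return parts[1].lower()
    return None


def lint(smb_conf_text, ldap_conf_text, cert_names):
    """Return a list of human-readable findings; an empty list means all rules hold."""
    findings = []
    params = parse_smb_conf(smb_conf_text)
    # 'start tls' is Samba's documented default when 'ldap ssl' is not set.
    ssl_mode = params.get("ldap ssl", "start tls").lower()
    for key in ("passdb backend", "idmap backend"):
        for uri in ldap_uris(params.get(key, "")):
            parts = urlsplit(uri)
            host = parts.hostname or ""
            expected = PAIRINGS.get(parts.scheme)
            if expected is None:
                findings.append(f"{key}: unrecognised scheme in {uri}")
                continue
            if ssl_mode != expected:
                findings.append(f"{key}: {parts.scheme}:// expects 'ldap ssl = {expected}', found '{ssl_mode}'")
            if not name_matches(host, cert_names):
                findings.append(f"{key}: URI host '{host}' does not match certificate names {cert_names}")
    reqcert = tls_reqcert(ldap_conf_text)
    if reqcert in ("never", "allow"):
        findings.append(f"ldap.conf: TLS_REQCERT {reqcert} does not enforce server certificate verification")
    return findings


# Constructed inputs modelled on the configuration quoted in the thread.
STEVE_SMB_CONF = """
passdb backend =  ldapsam:ldap://hh1.site
idmap backend = ldap:ldap://hh1.site
ldap ssl = start tls
"""
LOCALHOST_SMB_CONF = """
passdb backend = ldapsam:ldap://localhost
ldap ssl = start tls
"""

if __name__ == "__main__":
    for finding in lint(STEVE_SMB_CONF, "TLS_REQCERT never\n", ["hh1.site"]):
        print("steve:", finding)
    for finding in lint(LOCALHOST_SMB_CONF, "", ["ldap.mydomain"]):
        print("localhost:", finding)
```

Run against Steve's settings the only finding is the `TLS_REQCERT never` one: the URI scheme, `ldap ssl` mode and certificate name all agree, which narrows the StartTLS failure down to the certificate chain the client is presented with rather than to the smb.conf side.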
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba