Gémes Géza wrote:


Your problem arises from using a self-signed certificate. While
nss+pam_ldap would accept it, standard ldap client (>=2.1.x) library
based applications, like samba, won't. You could convince yourself by doing
an ldapsearch ...... -X -ZZ, see the manpage for details.

Indeed the problem was certificate related. But also the OpenSSL libraries were not being picked up. Now that they are I'm getting a


failed to bind to server with dn= cn=Manager,dc=kelvininstitute,dc=com Error: Can't contact LDAP server
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Now I'm sure this is due to the self-signed cert. However, I have added it to my <ssl-path>/certs/ directory as pointed out here:
<http://tirian.magd.ox.ac.uk/~nick/openssl-certs/others.shtml#selfsigned-openssl>
and running openssl verify ldap.pem verifies OK on both the ldap server and the samba server. I have linked all the ssl directories that existed to the same directory just in case it was trying the wrong path, i.e. /usr/share/ssl /usr/local/ssl go to /usr/local/openssl/ssl


However, samba still produces the above verification error.

If anyone can point me in the right direction then I'll stop bothering you all. It can't be dependent on getting a 'real' certificate can it?

tia

--
Martin Ritchie

the Kelvin Institute
50, George Street
Glasgow
Scotland, UK
G1 1QE

www.kelvininstitute.com
+44 (0) 141 548 5719