Martin Ritchie wrote:
|
| Gémes Géza wrote:
|
|> Your problem arises from using a self-signed certificate. While
|> nss+pam_ldap would accept it, standard ldap client (>=2.1.x) library
|> based applications, like samba, won't. You could convince yourself by doing
|> an ldapsearch ...... -X -ZZ, see the manpage for details.
|
| Indeed the problem was certificate related. But also the OpenSSL
| libraries were not being picked up. Now that they are I'm getting a
|
| failed to bind to server with dn= cn=Manager,dc=kelvininstitute,dc=com
| Error: Can't contact LDAP server
| error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
|
| Now I'm sure this is due to the self-signed cert. However I have added it
| to my <ssl-path>/certs/ directory as pointed out here:
| <http://tirian.magd.ox.ac.uk/~nick/openssl-certs/others.shtml#selfsigned-openssl>
|
| and running openssl verify ldap.pem verifies OK on both ldap server and
| samba server. I have linked all the ssl directories that existed to the
| same directory just in case it was trying the wrong path, i.e.
| /usr/share/ssl /usr/local/ssl go to /usr/local/openssl/ssl
|
| However, samba still produces the above verification error.
|
| If anyone can point me in the right direction then I'll stop bothering
| you all. It can't be dependent on getting a 'real' certificate can it?
|
| tia
|

I think setting up your own certificate authority, and then convincing
your clients to trust it, is the easiest/cheapest method. You can read
about it in the OpenLDAP Administrator's Guide, as well as other documents
on the Net.

Good Luck!
Geza
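Added example, not part of the original message or of any project's own code: a sketch of the private-CA approach suggested in the reply, showing that a CA certificate placed in a certs directory is only found by OpenSSL once it has a subject-hash link. The host name ldap.example.test, the CA name, key sizes and lifetimes are constructed placeholders.

```shell
#!/bin/sh
# Added example: private CA for an LDAP server. All names, paths and
# lifetimes are constructed placeholders, not values from the thread.
set -eu

make_ca() {                 # $1 = work dir
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -subj "/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_server_cert() {       # $1 = work dir, $2 = name clients use for the server
    openssl req -newkey rsa:2048 -nodes -sha256 -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > "$1/ext.cnf"
    openssl x509 -req -in "$1/ldap.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/ext.cnf" \
        -out "$1/ldap.pem" 2>/dev/null
}

trust_ca() {                # $1 = work dir; builds a CApath-style directory
    mkdir -p "$1/certs"
    cp "$1/ca.pem" "$1/certs/ca.pem"
    # OpenSSL looks a CA up in a directory by <subject-hash>.0, so a PEM
    # file that is only copied in, without this link, is never found.
    h=$(openssl x509 -noout -hash -in "$1/ca.pem")
    ln -sf ca.pem "$1/certs/$h.0"
}

verifies() {                # $1 = trust directory, $2 = certificate to check
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d)
    make_ca "$dir"
    issue_server_cert "$dir" ldap.example.test
    mkdir "$dir/empty"
    verifies "$dir/empty" "$dir/ldap.pem" && echo "unexpected: verified" \
        || echo "before trust: certificate verify failed"
    trust_ca "$dir"
    verifies "$dir/certs" "$dir/ldap.pem" && echo "after trust: verify OK"
    rm -rf "$dir"
}
demo
```

Only ca.pem is distributed to clients; ca.key stays on the machine that signs certificates.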