Hello List,

I am attempting to resolve a problem with my samba / ldap setup when a user attempts to change their samba password. I am running smbd version: 3.0.22 on RHEL4. When a user attempts to change their Windows password the following shows up in the smbd.log file:

ldapsam_modify_entry: LDAP Password could not be changed for user sland: Confidentiality required
        Operation requires a secure connection.

Since my ldap server is set up with ldaps using a self-signed certificate I figured all I need to do is turn ssl on with:

ldap ssl = on

and the passdb backend set with "ldap://host";

but that still returned the same error messages in the log.

Next I tried changing the passdb backend to use "ldaps://host"

but then I started getting the following message in the log:
LDAP error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Time limit exceeded)

and using:  openssl s_client -connect server-cert:636 -showcerts -state

ends with: Verify return code: 19 (self signed certificate in certificate chain)

Which works ok with /etc/ldap.conf by turning off certificate checking.

So I am not sure which way to go at this point. Since the ldap authentication for the operating system works through ldaps with no problem, I have it set to not verify the certificate in ldap.conf, then it seems I need to be able to tell samba to not verify the certificate? I looked through the docs and did not see a parameter for that. Is there such a parameter?

Any ideas or suggestions?

TIA
--
Jim Summers
School of Computer Science-University of Oklahoma
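
Added example, not part of the original post: the weak "no verification" settings next to a configuration that trusts the self-signed CA, so "certificate verify failed" is resolved without giving up server authentication. It assumes smbd is linked against the OpenLDAP client library (libldap), which reads its TLS options from OpenLDAP's own ldap.conf (assumed at the Red Hat location /etc/openldap/ldap.conf) rather than from the /etc/ldap.conf used by nss_ldap/pam_ldap; the CA file path is a placeholder.

```conf
# Two separate files are shown in one block; copy each part into its own file.
# The CA file is the self-signed CA certificate in PEM form (the certificate
# that "openssl s_client ... -showcerts" reports as self signed), saved to a
# local path. The path below is a placeholder.

# ---- /etc/ldap.conf  (nss_ldap / pam_ldap: operating system logins) ----
# Weak: accepts any server certificate
#tls_checkpeer no
# Corrected: verify the server against the self-signed CA
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/ldap-ca.pem

# ---- /etc/openldap/ldap.conf  (OpenLDAP libldap; assumed to be what smbd uses) ----
# Weak: accepts any server certificate
#TLS_REQCERT never
# Corrected: trust the CA and require a certificate that verifies
TLS_CACERT /etc/openldap/cacerts/ldap-ca.pem
TLS_REQCERT demand

# With verification on, the host in the "ldaps://host" passdb backend URL
# must match the name in the server certificate.
```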