Hi there guys, do not know if post this here or in openldap list, sorry if I disturb you.
I configured samba+ldap as a PDC and byt now it's working fine, so, I decided to put some security to the stuff. The problem is that I coudl not make it work, here I what I've done. This is what netstat shows. tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:389 127.0.0.1:1873 ESTABLISHED tcp 0 0 :::389 :::* LISTEN tcp 0 0 :::636 :::* LISTEN in slapd.conf i have TLSCipherSuite HIGH:MEDIUM:+SSLv3 TLSCertificateFile /usr/local/etc/openldap/ssl/server.crt TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.key VerifyClient demand I created the certificate like this: openssl genrsa 2048 -out > server.key openssl req -new -key server.key -out server.csr openssl req -in server.csr -key server.key -x509 -out server.crt openssl s_client -connect localhost:636 -showcerts CONNECTED(00000003) --- Certificate chain 0 s:/C=UY/ST=Location/O=Internet Widgits Pty Ltd i:/C=UY/ST=Location/O=Internet Widgits Pty Ltd -----BEGIN CERTIFICATE----- the garbage -----END CERTIFICATE----- subject=/C=UY/ST=Location/O=Internet Widgits Pty Ltd issuer=/C=UY/ST=Location/O=Internet Widgits Pty Ltd --- No client certificate CA names sent --- SSL handshake has read 1115 bytes and written 468 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: F605F2CC3CE88DC628D37DD843A9F879F5C8F0DAAFC6A92020A99B6DEF82705A Session-ID-ctx: Master-Key: 6763B71DE44699A2F13C548274E92FA097B7F6DA6EB4E73B32598616E8083A2C09524A5FB28121B507E0D4B923B10623 Key-Arg : None Start Time: 1160232704 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- closed smb.conf passdb backend = ldapsam:ldap://127.0.0.1 Does it hae to be ldaps://127.0.0.1:636 ? Is this enought to establish a secure conection? I never see , with netstat, 636 ESTABLISHED If in smb.conf I change to ldaps://127.0.0.1:636, as I read in severals how-to's I get for example with pdbedit -Lv or trying to login from an XP machine the followigin in the server: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TESTSERVER))] smbldap_open_connection: connection opened failed to bind to server ldaps://127.0.0.1:636 with dn="cn=Manager,dc=testserver,dc=com" Error: Can't contact LDAP server error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Connection to LDAP server failed for the 1 try! and on, and on. and on.. What am I missing? My clients are XP machines Thanks in advance, sorry for the noise and for my very basic question. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba