
Re: [Samba] LDAP problem




On 13/02/2017 10:01, Lukz Ferris wrote:
>> This error suggests a problem with your certificate. If it used to work
>> previously, then check it hasn't expired.
>>
>>       openssl s_client -connect devsamba.lucas.ufes.br:636
>>
>> copy-paste the certificate into a pem file, including begin/end lines
>>
>>       openssl x509 -in mycert.pem -noout -enddate
>>
>> And check your root CA cert hasn't expired:
>>
>>       openssl x509 -in /usr/local/samba/private/tls/cert.pem -noout -enddate
>
> I did the first command and I got this:
>
> openssl s_client -connect devsamba.lucas.ufes.br:636
> socket: Connection refused
> connect:errno=111

Then your server is not even listening on the ldaps port, or port 636 is being blocked. If this worked in the past, then probably something has changed in your config.

To check whether it's a firewall problem, on the server itself check for listening processes:

# netstat -natp | grep LISTEN

If no process is listening on port 636, then that's where your problem is. Go check logs etc to see why the LDAP server isn't listening.

If there *is* a process listening on port 636 (and it's not bound to a local interface like 127.0.0.1 or ::1) then check what's blocking the traffic in between your client and server - e.g. iptables rules.


> Then I copy-paste the certificate and got this:

What certificate did you copy-paste?? The purpose of the "openssl s_client -connect x.x.x.x:636" command was to connect and find out what certificate the server was sending to you. But you didn't establish the connection, so there was no certificate to check.

Regards,

Brian.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
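
The triage order from the reply above (listener first, certificate only once a connection succeeds), as an added example that is not part of the original message or of Samba. The function names and the netstat sample are constructed for illustration, and the column layout assumes Linux net-tools `netstat -natp` output.

```sh
#!/bin/sh
# Classify the state of a TCP listener from `netstat -natp` output on stdin.
# Prints one of:
#   not-listening  nothing in LISTEN state on the port (check the server logs)
#   loopback-only  bound only to 127.x.x.x or ::1 (remote clients get refused)
#   listening      bound to a wildcard or routable address (check firewalls)
classify_listener() {
    port="${1:-636}"
    awk -v port="$port" '
        $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next          # exact match, so 3636 != 636
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "listening"
            else              print "loopback-only"
        }'
}

# Only meaningful once the port accepts connections: print the notAfter date
# of the certificate the server actually presents, without the copy-paste step.
served_cert_enddate() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}

# Constructed sample of `netstat -natp` output (not taken from the thread).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1234/samba
tcp        0      0 127.0.0.1:636           0.0.0.0:*               LISTEN      1234/samba
tcp6       0      0 ::1:636                 :::*                    LISTEN      1234/samba
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED 900/sshd'
```

On the server, `netstat -natp | classify_listener 636` gives the listener state; run `served_cert_enddate host:636` from the client only after that reports `listening`.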