Web lists-archives.com

[Samba] LDAPS is not working




Hi,

after a successfully migrating my NT4 with OpenLDAP to a Samba4 AD...I got a problem.

Like in the sambawiki tutorial (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC) I tried to configure LDAPS. I used the auto-configured certs. They are located in "/var/lib/samba/private/tls".

My smb.conf:
# Global parameters
[global]
        netbios name = PDC
        realm = COMPANY.COM
        workgroup = COMPANY
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        template shell = /bin/bash
        template homedir= /home/%U
        dns forwarder = 8.8.8.8
        min protocol = SMB2
        tls enabled  = yes
        tls keyfile  = /var/lib/samba/private/tls/key.pem
        tls certfile = /var/lib/samba/private/tls/cert.pem
        tls cafile   = /var/lib/samba/private/tls/ca.pem
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 10
        winbind use default domain = yes
        logging = syslog@1 /var/log/samba/log.%m

I've tested it with the following command and got the following error...

root@server:/var/lib/samba/private/tls# ldbsearch -H ldaps://127.0.0.1 '(cn=admin)' objectClass -Uadmin
TLS failed to missing crlfile  - with 'tls verify peer = as_strict_as_possible'
Failed to connect to ldap URL 'ldaps://127.0.0.1' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to 'ldaps://127.0.0.1' with backend 'ldaps': LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to ldaps://127.0.0.1 - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX

How can I solve this error?
Thanks!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba