
Re: [Samba] LDAPS is not working




On Wed, 2018-08-08 at 10:31 +0200, basti mueller via samba wrote:
> Hi,
> 
> after successfully migrating my NT4 with OpenLDAP to a Samba4 AD...I got a problem.
> 
> Like in the sambawiki tutorial (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC) I tried to configure LDAPS. I used the auto-configured certs. They are located in "/var/lib/samba/private/tls".

> root@server:/var/lib/samba/private/tls# ldbsearch -H ldaps://127.0.0.1 '(cn=admin)' objectClass -Uadmin
> TLS failed to missing crlfile  - with 'tls verify peer = as_strict_as_possible'
> Failed to connect to ldap URL 'ldaps://127.0.0.1' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
> Failed to connect to 'ldaps://127.0.0.1' with backend 'ldaps': LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
> Failed to connect to ldaps://127.0.0.1 - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX

To validate a TLS certificate, the client needs to connect to the same name as
in the certificate, not the IP (127.0.0.1 in this case).

I hope this clarifies things,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba
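The name check Andrew describes, as an added example that is not part of this thread and not Samba's own code: it models the RFC 6125 / RFC 2818 identity rules a TLS client applies when `tls verify peer` is at `ca_and_name` or stricter, where the host in the `ldaps://` URL must appear in the server certificate. An IP literal such as `127.0.0.1` is only ever compared to `iPAddress` SAN entries, never to `dNSName` entries or the CN, so a certificate issued for the DC's FQDN can never verify against a loopback address. The certificate dictionary, the host names and the `check_ldaps_url` helper are constructed for illustration; the real files live under `/var/lib/samba/private/tls`. Note also that the quoted error line reports a missing `crlfile`: `as_strict_as_possible` additionally requires a CRL, which fixing the URL alone does not supply.

```python
"""Server-name verification as an LDAPS client performs it.

Added example for the Samba list thread above; not from the Samba code base.
DC_CERT is a constructed stand-in for the auto-generated DC certificate.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed certificate identity (assumed names, not a real DC's cert).
DC_CERT = {
    "subject_cn": "dc1.samdom.example.com",
    "san_dns": ["dc1.samdom.example.com", "samdom.example.com"],
    "san_ip": [],  # no iPAddress SAN: an IP target can never match
}


def target_from_url(url: str) -> str:
    """Return the host an LDAP client would verify the certificate against."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url}")
    if parts.hostname is None:
        raise ValueError(f"no host in URL: {url}")
    return parts.hostname  # lower-cased, IPv6 brackets stripped


def _dns_matches(pattern: str, host: str) -> bool:
    """RFC 6125 DNS-ID match: case-insensitive; a wildcard is only accepted
    as the entire leftmost label and must leave at least two labels."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches(cert: dict, target: str) -> bool:
    """True if target (host name or IP literal) is a valid identity for cert."""
    if _is_ip(target):
        # IP literals are compared to iPAddress SANs only, never dNSName or CN.
        want = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(ip) == want for ip in cert["san_ip"])
    if cert["san_dns"] or cert["san_ip"]:
        # Once a SAN extension is present the subject CN is ignored.
        return any(_dns_matches(p, target) for p in cert["san_dns"])
    # Legacy fallback for certificates without any SAN: compare the CN.
    return _dns_matches(cert["subject_cn"], target)


def check_ldaps_url(cert: dict, url: str) -> tuple:
    """Return (ok, message) for connecting to url with cert presented."""
    target = target_from_url(url)
    if name_matches(cert, target):
        return True, f"{target}: name verified against certificate"
    hint = ""
    if _is_ip(target):
        hint = " (IP literal; no matching iPAddress SAN; connect to the DC's FQDN)"
    return False, f"{target}: no matching name in certificate{hint}"


if __name__ == "__main__":
    for url in ("ldaps://127.0.0.1", "ldaps://[::1]:636",
                "ldaps://dc1.samdom.example.com"):
        ok, msg = check_ldaps_url(DC_CERT, url)
        print("OK  " if ok else "FAIL", msg)
```

To see which names the real certificate carries, inspect it with `openssl x509 -in /var/lib/samba/private/tls/cert.pem -noout -subject -ext subjectAltName` and use one of those names (normally the DC's FQDN) in the `ldaps://` URL; the strict verify level then still needs `tls crlfile` pointing at a CRL.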
