
Samba LDAP (TLS fail?)



Hi,
I have a working LDAP server that has so far been used to authenticate Cisco ISE. Now it is time to hook further services up to it, Samba among them.

smb.conf:
…
        security = user
        passdb backend = ldapsam:ldaps://ldap1.networkers.local:636
        ldap admin dn = cn=admin,dc=networkers,dc=local
        ldap group suffix = ou=groups
        ldap machine suffix = ou=computers
        ldap passwd sync = Yes
        ldap suffix = dc=networkers,dc=local
        ldap user suffix = ou=people
…

Log from the Samba server:
[2013/07/04 14:53:22.353681,  0] lib/smbldap.c:799(smb_ldap_start_tls)
  Failed to issue the StartTLS instruction: Can't contact LDAP server
[2013/07/04 14:53:24.423190,  0] lib/smbldap.c:799(smb_ldap_start_tls)
  Failed to issue the StartTLS instruction: Can't contact LDAP server
[2013/07/04 14:53:26.493032,  0] lib/smbldap.c:799(smb_ldap_start_tls)
  Failed to issue the StartTLS instruction: Can't contact LDAP server


Log from the LDAP server:
Jul  4 14:52:42 ds-1-net-mgmt slapd[1055]: conn=1993 fd=28 ACCEPT from IP=10.8.100.202:40095 (IP=0.0.0.0:636)
Jul  4 14:52:42 ds-1-net-mgmt slapd[1055]: conn=1993 fd=28 TLS established tls_ssf=128 ssf=128
Jul  4 14:52:43 ds-1-net-mgmt slapd[1055]: conn=1993 fd=28 closed (connection lost)
Jul  4 14:52:43 ds-1-net-mgmt slapd[1055]: conn=1994 fd=28 ACCEPT from IP=10.8.100.202:40096 (IP=0.0.0.0:636)
Jul  4 14:52:43 ds-1-net-mgmt slapd[1055]: conn=1994 fd=28 TLS established tls_ssf=128 ssf=128
Jul  4 14:52:44 ds-1-net-mgmt slapd[1055]: conn=1994 fd=28 closed (connection lost)

Google results say to check whether the CN is correct:
DS-1-NET-MGMT:~# openssl x509 -in /etc/ssl/certs/ldap-1-cert.pem -noout -text | grep CN
        Issuer: C=PL, ST=Malopolskie, L=Krakow, O=networkers.pl, CN=SUBCA-1/emailAddress=nadmin@networkers.pl
        Subject: C=PL, ST=Malopolskie, L=Krakow, O=networkers.pl, CN=ldap1.networkers.local/emailAddress=nadmin@networkers.pl

I am running out of ideas; maybe one of you has SMB+LDAP working and can give me a hint :)

Regards,

-- 
Jan Wideł
System Administrator/Network Engineer
e-mail: jan.widel@networkers.pl
mobile: +48 797 004 946
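As an added example (not part of the original post), a more complete version of the "is the CN correct" check above: it pulls the LDAP host out of the ldapsam URL in smb.conf and matches a server certificate against it the way a TLS client does, subjectAltName dNSName entries first, the subject CN only as a fallback, with wildcard handling. fetch_peer_cert is for a live check against the real server; SAMPLE_CERT and SMB_CONF are constructed values mirroring the Subject and config shown in the post.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit


def ldap_host_from_smbconf(text):
    """Extract the LDAP host from 'passdb backend = ldapsam:ldap(s)://host:port'."""
    m = re.search(r"^\s*passdb backend\s*=\s*ldapsam:(ldaps?://\S+)", text, re.M)
    if not m:
        raise ValueError("no ldapsam URL found in smb.conf")
    return urlsplit(m.group(1)).hostname


def _name_matches(pattern, host):
    """Match one certificate name against a host (RFC 6125 style).
    A '*' covers only the leftmost label and must leave at least two labels."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    labels = h.split(".")
    return len(labels) > 2 and ".".join(labels[1:]) == p[2:]


def cert_matches_host(cert, host):
    """Return (ok, reason) for a getpeercert()-style dict and a hostname."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:  # SAN present: CN is ignored, exactly as modern TLS clients do
        ok = any(_name_matches(s, host) for s in sans)
        return ok, f"SAN dNSName {sans} {'matches' if ok else 'does not match'} {host}"
    cns = [v for rdn in cert.get("subject", ()) for t, v in rdn if t == "commonName"]
    ok = any(_name_matches(c, host) for c in cns)
    return ok, f"no SAN; CN {cns} {'matches' if ok else 'does not match'} {host} (CN fallback only)"


def fetch_peer_cert(host, port=636, cafile=None):
    """Live check: complete a verified TLS handshake and return the server certificate.
    Raises ssl.SSLCertVerificationError if the chain or hostname does not verify."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data, shaped like the smb.conf fragment and Subject in the post.
SMB_CONF = "security = user\n        passdb backend = ldapsam:ldaps://ldap1.networkers.local:636\n"
SAMPLE_CERT = {"subject": ((("countryName", "PL"),), (("organizationName", "networkers.pl"),),
                           (("commonName", "ldap1.networkers.local"),))}

if __name__ == "__main__":
    host = ldap_host_from_smbconf(SMB_CONF)
    print(host, cert_matches_host(SAMPLE_CERT, host))
```

A passing name match does not by itself make the chain trustworthy; fetch_peer_cert also needs the issuing CA (SUBCA-1 and its root here) in cafile or the system trust store.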

