On Fri, 2011-11-11 at 23:31 +0100, lynn wrote:
On Fri, 2011-11-11 at 20:19 +0100, lynn wrote:
11/10/2011 12:02 PM, lynn wrote:
Hi Scenario: Lan with 11.4 server and Linux, win-xp and win7 clients. The windows clients can login but are denied access to their home folder: Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error Solved? Adding: TLS_REQCERT never to /etc/openldap/ldap.conf allows windows to connect to the samba domain with TLS. No, it doesn't. The logs show the name of the person who is logging in from a win 7 client and a successful starttls session for that logon. That's why I
On 11/11/2011 10:40 PM, Adam Tauno Williams wrote: thought it was working.
Can anyone comment on the security of this workaround? It's bad. If you are using a local DSA then use an ldapi:// uri as this is more secure and faster. If you are using a remote DSA then fix your SSL setup [otherwise in your smb.conf just set "ldap ssl = off"]. You need to setup the host so that you can perform ldapsearch commands [from the command line] with the -ZZ
It allows *Samba* to communicate with the DSA. It is a side-effect that CIFS/SMB clients then work. options specified [require TLS to successfully initialize]. Sorry don't know what DSA is.
DSA is "Directory Service Agent". Which is what your 'LDAP server' is. The DSA makes available one or more Dits to network clients. A Dit is a "Directory Information Tree"; the hierarchy of objects stored in the 'LDAP database'. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org