ClearFoundation Tracker - ClearOS | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000456 | ClearOS | app-samba - Windows Networking | public | 2012-03-05 05:49 | 2013-01-29 13:18 |
| Reporter | devferret | ||||
| Assigned To | user2 | ||||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | OS | OS Version | |||
| Product Version | 5.2-SP1 | ||||
| Target Version | Fixed in Version | 6.2.0 | |||
| Summary | 0000456: Samba is configured to use start tls for LDAP ; slapd is not configured this way | ||||
| Description | By default, samba uses start tls when talking to an LDAP server (see man smb.conf, parameter "ldap ssl"). For ClearOS, this configuration is wrong, because slapd is not set up for ssl. In my case, I'm pretty much certain that this misconfiguration exposes bugs in slapd which lead to it becoming progressively less responsive.. see http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,26/func,view/id,32600/limit,10/limitstart,20/#35057 [^] I've listed the severity as major, because failing slapd was definitely a major problem for me. But in any case, samba shouldn't be using ssl when talking to ldap, the samba and slapd configurations should align. | ||||
| Steps To Reproduce | |||||
| Additional Information | To fix this, just add ldap ssl = no to /etc/openldap/templates/smb.ldap.conf.template Note that you won't see direct evidence of this misconfiguration unless you turn on debugging in samba; in /etc/samba/smb.conf add ldap debug level = 264 ldap debug threshold = 1 After this, you'll get messages in the samba logs repeated for every single ldap connection: [2011/10/29 22:36:39.253617, 1] lib/ldap_debug_handler.c:25(samba_ldap_log_print_fn) [LDAP] TLS certificate verification: Error, self signed certificate [2011/10/29 22:36:39.268720, 1] lib/ldap_debug_handler.c:25(samba_ldap_log_print_fn) [LDAP] TLS: unable to get peer certificate. | ||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2012-03-05 05:49 | devferret | New Issue | |||
| 2012-03-05 05:56 | user2 | Note Added: 0000418 | |||
| 2012-03-05 05:57 | user2 | Assigned To | => user2 | ||
| 2012-03-05 05:57 | user2 | Status | new => confirmed | ||
| 2012-03-09 19:32 | user2 | Product Version | => 5.2-SP1 | ||
| 2012-03-09 19:35 | user2 | Issue cloned: 0000478 | |||
| 2012-03-09 19:40 | user2 | Category | samba => app-samba - Windows Networking | ||
| 2013-01-29 13:18 | user2 | Status | confirmed => resolved | ||
| 2013-01-29 13:18 | user2 | Fixed in Version | => 6.2.0 | ||
| 2013-01-29 13:18 | user2 | Resolution | open => fixed | ||
| 2013-01-29 13:18 | user2 | Status | resolved => closed | ||
| Notes | |||||
|
|
|||||
|
|
||||