| Anonymous | Login | 2024-11-21 01:51 MST |
| Main | My View | View Issues | Change Log | Roadmap | Repositories |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000456 | ClearOS | app-samba - Windows Networking | public | 2012-03-05 05:49 | 2013-01-29 13:18 | ||||
| Reporter | devferret | ||||||||
| Assigned To | user2 | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 5.2-SP1 | ||||||||
| Target Version | Fixed in Version | 6.2.0 | |||||||
| Summary | 0000456: Samba is configured to use start tls for LDAP ; slapd is not configured this way | ||||||||
| Description | By default, samba uses start tls when talking to an LDAP server (see man smb.conf, parameter "ldap ssl"). For ClearOS, this configuration is wrong, because slapd is not set up for ssl. In my case, I'm pretty much certain that this misconfiguration exposes bugs in slapd which lead to it becoming progressively less responsive.. see http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,26/func,view/id,32600/limit,10/limitstart,20/#35057 [^] I've listed the severity as major, because failing slapd was definitely a major problem for me. But in any case, samba shouldn't be using ssl when talking to ldap, the samba and slapd configurations should align. | ||||||||
| Additional Information | To fix this, just add ldap ssl = no to /etc/openldap/templates/smb.ldap.conf.template Note that you won't see direct evidence of this misconfiguration unless you turn on debugging in samba; in /etc/samba/smb.conf add ldap debug level = 264 ldap debug threshold = 1 After this, you'll get messages in the samba logs repeated for every single ldap connection: [2011/10/29 22:36:39.253617, 1] lib/ldap_debug_handler.c:25(samba_ldap_log_print_fn) [LDAP] TLS certificate verification: Error, self signed certificate [2011/10/29 22:36:39.268720, 1] lib/ldap_debug_handler.c:25(samba_ldap_log_print_fn) [LDAP] TLS: unable to get peer certificate. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0000418) user2 2012-03-05 05:56 |
I love bug reports like this - many thanks! |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-03-05 05:49 | devferret | New Issue | |
| 2012-03-05 05:56 | user2 | Note Added: 0000418 | |
| 2012-03-05 05:57 | user2 | Assigned To | => user2 |
| 2012-03-05 05:57 | user2 | Status | new => confirmed |
| 2012-03-09 19:32 | user2 | Product Version | => 5.2-SP1 |
| 2012-03-09 19:35 | user2 | Issue cloned: 0000478 | |
| 2012-03-09 19:40 | user2 | Category | samba => app-samba - Windows Networking |
| 2013-01-29 13:18 | user2 | Status | confirmed => resolved |
| 2013-01-29 13:18 | user2 | Fixed in Version | => 6.2.0 |
| 2013-01-29 13:18 | user2 | Resolution | open => fixed |
| 2013-01-29 13:18 | user2 | Status | resolved => closed |
|
Issue History |