Date: Sat, 7 Jan 2006 20:36:49 +0300
From: Playnet <playnet@mail333.com>
To: freebsd-questions@freebsd.org
Subject: samba+slapd
Message-ID: <77478496.20060107203649@mail333.com>

Hello freebsd-questions,

I need to set up subj; it is needed for my diploma. I need it by 20.01, but I have read many docs and can't understand some bugs.

I am trying to set up samba+ldap:

samba-3.0.20,1                 A free SMB and CIFS client and server for UNIX
openldap-sasl-server-2.2.28    Open source LDAP server implementation with SASL2 support

1) How do I create certificates? The docs use gencert.sh, but I can't find it on my system.
I created them like this:

# openssl genrsa -des3 -out ca.key 2048
# openssl req -new -x509 -days 1825 -utf8 -key ca.key -out ca.cert
in Common Name (eg, YOUR name) []: ldap.domain.ru

usercert:
# openssl genrsa -out user.key 1024
# openssl req -new -key user.key -out user.csr -utf8
# openssl x509 -req -in user.csr -out user.cert \
    -CA ca.cert -CAkey ca.key -CAcreateserial -days 1095

# vi /usr/local/etc/openldap/slapd.conf
added:
disallow tls_authc ;Why? And how do I generate certs (?) correctly?
TLSCertificateFile /usr/local/etc/openldap/ssl/user.cert
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/user.key
TLSCACertificateFile /usr/local/etc/openldap/ssl/ca.cert

Is it correct?

2) On starting samba, in /var/log/messages:
Jan 7 19:28:29 sstand slapd[53000]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
What do I need?

3) On ldapsearch, in /var/log/messages:
Jan 7 19:28:30 sstand ldapsearch: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
Why does ldap want kerberos, and how do I fix it?

4) Do I need to use PAM?

-- 
Best regards,
 Playnet mailto:playnet@mail333.com
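
A check for the certificate files listed in the message above, as an added example that is not part of the original e-mail: it builds a throwaway CA and server certificate with the same openssl steps, then verifies that the certificate chains to the CA, that the private key matches it, and that the subject carries the server's host name. The host name ldap.example.org, the CA name, the function names and the unencrypted 2048-bit keys are assumptions, chosen so the script runs without prompts.

```shell
#!/bin/sh
# Added example, not from the original e-mail.
# ldap.example.org and "Test LDAP CA" are constructed placeholders.

# make_test_pki DIR HOST: CA + server cert, same steps as the post,
# but with -subj and unencrypted keys so nothing is asked interactively.
make_test_pki() {
    dir=$1; host=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1825 -key "$dir/ca.key" \
        -subj "/CN=Test LDAP CA" -out "$dir/ca.cert" &&
    openssl genrsa -out "$dir/user.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/user.key" -subj "/CN=$host" \
        -out "$dir/user.csr" &&
    openssl x509 -req -in "$dir/user.csr" -out "$dir/user.cert" \
        -CA "$dir/ca.cert" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 1095 2>/dev/null
}

# check_server_cert CA CERT KEY HOST
# Returns 0 if all checks pass, 1/2/3 for the check that failed.
check_server_cert() {
    ca=$1; cert=$2; key=$3; host=$4
    # 1. The certificate chains to the CA named in TLSCACertificateFile.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert is not signed by $ca"; return 1; }
    # 2. The private key belongs to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $cert"; return 2; }
    # 3. The subject contains the host name clients connect to.
    subject=$(openssl x509 -in "$cert" -noout -subject)
    case $subject in
        *"$host"*) ;;
        *) echo "FAIL: subject '$subject' lacks $host"; return 3 ;;
    esac
    echo "OK: $cert chains to $ca, matches $key, names $host"
}

# Demo run in a temporary directory that is removed afterwards.
tmp=$(mktemp -d)
make_test_pki "$tmp" ldap.example.org &&
    check_server_cert "$tmp/ca.cert" "$tmp/user.cert" "$tmp/user.key" \
        ldap.example.org
rm -rf "$tmp"
```

To check existing files instead, call check_server_cert with the three paths given to the TLS directives in slapd.conf and the name clients use to reach the server.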