Bug 7967 - TLS keys and certificates don't match.
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Other
Version: unspecified
Hardware: x64 Linux
Importance: P3 critical
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Reported: 2011-02-21 11:00 UTC by Jacob Oliver (mail address dead)
Modified: 2011-02-22 05:16 UTC
Description Jacob Oliver (mail address dead) 2011-02-21 11:00:12 UTC
Hi, I'm running Samba4.0.0-alpha15-GIT on Ubuntu 10 and I'm experiencing problems with certificates and keys generated by GNUTLS. I managed to install with the new installation format; here are the commands I'm using (I'm not totally sure if it's part of ./configure.developer):

root@SERVER:/Samba/samba4# ./configure.developer --enable-gnutls --enable-uid-wrapper --enable-nss-wrapper --enable-socket-wrapper --enable-build-farm --abi-check --abi-update --enable-talloc-compat1 --symbol-check --enable-selftest --download

root@SERVER:/Samba/samba4# make

root@SERVER:/Samba/samba# make install

root@SERVER:/Samba/samba4# source4/setup/provision --realm=mestizaje.org --domain=MESTIZAJE --adminpass=XjC2Ff-Nsv --use-xattrs=yes --function-level=2008_R2 --host-ip=192.168.1.50 --host-name=Amorak --server-role='domain controller'

And here's the log:
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/smbd/server.c:368:binary_smbd_main()]
samba version 4.0.0alpha15-GIT-2ba57fd started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/smbd/server.c:470:binary_smbd_main()]
samba: using 'standard' process model
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/lib/tls/tls_tstream.c:1147:tstream_tls_params_server()]
TLS failed to initialise certfile /usr/local/samba/private/tls/cert.pem and keyfile /usr/local/samba/private/tls/key.pem - The certificate and the given key do not match.
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/ldap_server/ldap_server.c:942:ldapsrv_task_init()]
ldapsrv failed tstream_tls_patams_server - NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/smbd/service_task.c:35:task_server_terminate()]
task_server_terminate: [Failed to startup ldap server task]
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/lib/tls/tls.c:419:tls_initialise()]
TLS failed to initialise certfile /usr/local/samba/private/tls/cert.pem and keyfile /usr/local/samba/private/tls/key.pem
[Mon Feb 21 16:41:44 2011 GMT, 0 ../source4/lib/tls/tls.c:453:tls_initialise()]
GNUTLS failed to initialise - The certificate and the given key do not match.
Comment 1 Jacob Oliver (mail address dead) 2011-02-22 05:05:46 UTC
Okay, this has been resolved. I'm not sure what went wrong (possibly talloc?) and I'm not sure if it's just a broken Ubuntu system or if samba-tool from the git repository and a lot of other tools (testparm, wbinfo, etc.), but I'm encountering this with samba3, so I guess it could just be that.
Comment 2 Matthias Dieter Wallnöfer 2011-02-22 05:16:25 UTC
Okay, thanks - then I will mark this as INVALID (not a real bug).
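
A way to reproduce, outside Samba, the check behind the "The certificate and the given key do not match" message in the log above. This is an added example, not part of the original bug report or of Samba's code: it compares the public key embedded in the certificate with the one derived from the private key. It assumes the openssl command-line tool is installed (Samba itself does this check through GnuTLS) and an unencrypted PEM key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a PEM certificate and a PEM private key belong
# together. Assumes the openssl CLI; function names are hypothetical.

# Print the certificate's public key (SubjectPublicKeyInfo, PEM).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public key derived from the private key (same PEM form).
# Assumes the key file is not passphrase-protected.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# tls_pair_matches CERT KEY
# returns 0: key belongs to certificate
#         1: both files parse but the public keys differ
#         2: one of the files is missing or cannot be parsed
tls_pair_matches() {
    cert=$1
    key=$2
    cert_pub=$(cert_pubkey "$cert") || {
        echo "cannot parse certificate: $cert" >&2
        return 2
    }
    key_pub=$(key_pubkey "$key") || {
        echo "cannot parse private key: $key" >&2
        return 2
    }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "MATCH: $key belongs to $cert"
        return 0
    fi
    echo "MISMATCH: $key does not belong to $cert" >&2
    return 1
}

# When called with two paths, check that pair, for example the files named
# in the log: /usr/local/samba/private/tls/cert.pem and .../tls/key.pem
if [ "$#" -eq 2 ]; then
    tls_pair_matches "$1" "$2"
    exit $?
fi
```

A return code of 1 means the two files come from different key generations, for example a key.pem left over from an earlier provision next to a newer cert.pem.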