Samba AD DC TLS error – Failed to set default priorities


I installed Samba 4.19.1 from sources on CentOS 7 and configured it as an AD DC (according to the manual https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller). To set a user password via LDAP (I use Python ldap3), SSL (LDAPS) must be used; this is enabled by default and Samba successfully creates certificates in /usr/local/samba/private/tls/ at startup.

However, when I try to make a test connection with the command

openssl s_client -showcerts -connect localhost:636

I’m getting an error

139681239324560:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
no peer certificate available

In the samba logs

[2024/04/19 12:37:30.259588,  0] ../../source4/lib/tls/tls_tstream.c:1383(_tstream_tls_accept_send)
  _tstream_tls_accept_send: TLS ../../source4/lib/tls/tls_tstream.c:1383 - The request is invalid.. Failed to set default priorities

tls_tstream.c:1383 is

        ret = gnutls_set_default_priority(tlss->tls_session);
        if (ret != GNUTLS_E_SUCCESS) {
                DBG_ERR("TLS %s - %s. Failed to set default priorities\n",
                        __location__, gnutls_strerror(ret));
                tevent_req_error(req, EINVAL);
                return tevent_req_post(req, ev);
        }

Before compiling, I installed dependencies, among which were gnutls, compat-gnutls37-devel, compat-gnutls37-utils.
During samba compilation, the GnuTLS check was passed

Checking for GnuTLS >= 3.7.2 : yes

My smb.conf

[global]
        dns forwarder = 8.8.8.8
        netbios name = DC1
        realm = SAMDOM.COM
        server role = active directory domain controller
        workgroup = SAMDOM
        idmap_ldb:use rfc2307 = yes

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/samdom.com/scripts
        read only = No

As far as I understand, gnutls cannot set default priorities. What needs to be done to fix this?

PS. The same Samba configuration, but on Ubuntu and installed from the repository, works fine; however, my company uses CentOS 7.
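A diagnostic to run on the CentOS host, added here and not part of the question or of Samba: it performs the same GnuTLS default-priority initialisation that the quoted tls_tstream.c code does (a NULL priority string means "use the compile-time default"), via ctypes, and reports the library's own error text instead of Samba's wrapper message. It also shows how a default priority of the form `@KEYWORD` is resolved from the `[priorities]` section of a GnuTLS system config file, since an unresolvable keyword is one assumed way to end up with "The request is invalid"; the library name `gnutls`, the sample config text and the file path in the comments are assumptions, not values from the question.

```python
"""Check why gnutls_set_default_priority() might fail on this host."""
import ctypes
import ctypes.util


def parse_priority_keywords(config_text):
    """Return {KEYWORD: priority string} from the [priorities] section of a
    GnuTLS system config file (e.g. /etc/crypto-policies/back-ends/gnutls.config
    on distributions that ship crypto policies; path is an assumption)."""
    keywords, in_section = {}, False
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[priorities]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            keywords[key.strip().upper()] = value.strip()
    return keywords


def resolve_priority(priority, keywords):
    """Expand '@KW1,KW2[:rest]' the way GnuTLS does: the first keyword that is
    defined wins and 'rest' is appended; None means nothing resolved, which is
    the failure mode this diagnostic is looking for."""
    if not priority.startswith("@"):
        return priority
    head, sep, rest = priority[1:].partition(":")
    for kw in head.split(","):
        kw = kw.strip().upper()
        if kw in keywords:
            return keywords[kw] + (sep + rest if rest else "")
    return None


def probe_default_priority():
    """Call gnutls_priority_init() with a NULL string, i.e. the compile-time
    default that gnutls_set_default_priority() uses; return (rc, message)."""
    path = ctypes.util.find_library("gnutls")  # library name assumed
    if path is None:
        return (None, "libgnutls not found on this host")
    lib = ctypes.CDLL(path)
    lib.gnutls_strerror.restype = ctypes.c_char_p
    lib.gnutls_strerror.argtypes = [ctypes.c_int]
    lib.gnutls_priority_init.argtypes = [
        ctypes.POINTER(ctypes.c_void_p), ctypes.c_char_p,
        ctypes.POINTER(ctypes.c_char_p)]
    lib.gnutls_priority_deinit.argtypes = [ctypes.c_void_p]
    cache, err_pos = ctypes.c_void_p(), ctypes.c_char_p()
    rc = lib.gnutls_priority_init(ctypes.byref(cache), None, ctypes.byref(err_pos))
    if rc == 0:
        lib.gnutls_priority_deinit(cache)
        return (0, "default priority accepted")
    return (rc, lib.gnutls_strerror(rc).decode())


if __name__ == "__main__":
    print(probe_default_priority())
```

Run it with the same Python interpreter environment as the samba process so that `find_library` picks up the same libgnutls build that Samba was linked against.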
