I installed Samba 4.19.1 from sources on CentOS 7 and configured it as an AD DC (according to the manual https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller). To set a user password via LDAP (I use Python ldap3), SSL (LDAPS) must be used; this is enabled by default, and Samba successfully creates certificates in /usr/local/samba/private/tls/ at startup.
However, when I try to make a test connection with the command
openssl s_client -showcerts -connect localhost:636
I’m getting an error
139681239324560:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
no peer certificate available
In the samba logs
[2024/04/19 12:37:30.259588, 0] ../../source4/lib/tls/tls_tstream.c:1383(_tstream_tls_accept_send)
_tstream_tls_accept_send: TLS ../../source4/lib/tls/tls_tstream.c:1383 - The request is invalid.. Failed to set default priorities
tls_tstream.c:1383 is
ret = gnutls_set_default_priority(tlss->tls_session);
if (ret != GNUTLS_E_SUCCESS) {
        DBG_ERR("TLS %s - %s. Failed to set default priorities\n",
                __location__, gnutls_strerror(ret));
        tevent_req_error(req, EINVAL);
        return tevent_req_post(req, ev);
}
Before compiling, I installed dependencies, among which were gnutls, compat-gnutls37-devel, compat-gnutls37-utils.
During samba compilation, the GnuTLS check was passed
Checking for GnuTLS >= 3.7.2 : yes
My smb.conf
[global]
dns forwarder = 8.8.8.8
netbios name = DC1
realm = SAMDOM.COM
server role = active directory domain controller
workgroup = SAMDOM
idmap_ldb:use rfc2307 = yes
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/samdom.com/scripts
read only = No
As far as I understand, gnutls cannot set default priorities; what needs to be done to fix this?
PS. The same Samba configuration, but for Ubuntu and installed from the repository, works fine, but my company uses CentOS 7.
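The password-setting step the post refers to, as an added example that is not the poster's code: Active Directory (and Samba as an AD DC) only accepts a unicodePwd modification over an encrypted connection, and the value must be the new password wrapped in double quotes and encoded as UTF-16LE. The helpers below build that value, refuse anything that is not an ldaps:// URI, and verify the DC certificate against a CA file instead of disabling validation. The host name, DNs, credentials and CA path are placeholders; the ldap3 calls (Tls, Server, Connection, modify) are the library's real API, but ldap3 is only imported if present so the encoding helpers work without it.

```python
"""Set an AD user's password through Samba's LDAPS endpoint with ldap3.

Added example, not code from the original post. Hostname, DNs, credentials
and the CA file path are placeholders.
"""
import ssl

try:
    import ldap3  # only needed for the live modify, not for the helpers below
except ImportError:  # keep the helpers importable and testable without ldap3
    ldap3 = None


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects the new password in double quotes, encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def require_ldaps(uri: str) -> str:
    """Refuse to send a password over anything but ldaps://; return the host."""
    if not uri.lower().startswith("ldaps://"):
        raise ValueError(f"refusing to send a password over {uri!r}: use ldaps://")
    return uri[len("ldaps://"):].split("/", 1)[0]


def build_password_modify(new_password: str) -> dict:
    """Changes dict for ldap3.Connection.modify(): replace unicodePwd."""
    # ldap3.MODIFY_REPLACE is the literal string 'MODIFY_REPLACE'; spelled out
    # here so this function works even when ldap3 is not installed.
    return {"unicodePwd": [("MODIFY_REPLACE", [encode_unicode_pwd(new_password)])]}


def set_password(uri: str, bind_dn: str, bind_pw: str, user_dn: str,
                 new_password: str, ca_file: str) -> dict:
    """Bind as an admin over validated LDAPS and replace the user's password."""
    if ldap3 is None:
        raise RuntimeError("ldap3 is required for the live modify")
    host = require_ldaps(uri)
    # Validate the DC certificate against the CA that issued it (Samba writes
    # its self-signed ca.pem under private/tls/ at first start).
    tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file,
                    version=ssl.PROTOCOL_TLS_CLIENT)
    server = ldap3.Server(host, port=636, use_ssl=True, tls=tls)
    conn = ldap3.Connection(server, user=bind_dn, password=bind_pw, auto_bind=True)
    try:
        ok = conn.modify(user_dn, build_password_modify(new_password))
        result = dict(conn.result)
    finally:
        conn.unbind()
    if not ok:
        # AD reports policy rejections (length, complexity, history) here
        raise RuntimeError(f"password change failed: {result}")
    return result


if __name__ == "__main__":
    # Placeholder values; adjust to the real DC, DNs and CA file.
    print(set_password(
        "ldaps://dc1.samdom.com",
        "CN=Administrator,CN=Users,DC=samdom,DC=com", "admin-password",
        "CN=Test User,CN=Users,DC=samdom,DC=com", "N3w-Passw0rd!",
        "/usr/local/samba/private/tls/ca.pem",
    ))
```

If the DC's TLS stack is broken as in the post, the failure surfaces in `ldap3.Connection(...)` as a handshake error before any bind or password data is sent, which is the behaviour you want from the client side.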