From 2d6ed6639e522f23abc14aaae55467de78b82b9f Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 9 Mar 2020 18:08:04 -0500
Subject: [PATCH] certs/samba: Add CAs to Samba certificate chain

For reasons that totally elude me, Gitea LDAP authentication suddenly
stopped working, citing an error about not trusting the server's
certificate. I thought this was probably some change in a recent
version of Gitea or Go that changed how the system trust store was
used, but it turned out the problem was actually that Samba was not
sending the intermediate CA certificate. I am not sure if this was
always the case, and the fact that it worked before was a coincidence,
or if something changed in Samba. In any case, the fix was (apparently)
to include the intermediate and root CA certificates in the server
certificate file.
---
 certs/samba/dc0.pyrocufflink.blue/samba.cer | 65 +++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/certs/samba/dc0.pyrocufflink.blue/samba.cer b/certs/samba/dc0.pyrocufflink.blue/samba.cer
index d6d62bd..cd7da71 100644
--- a/certs/samba/dc0.pyrocufflink.blue/samba.cer
+++ b/certs/samba/dc0.pyrocufflink.blue/samba.cer
@@ -126,3 +126,68 @@ kBGm2i/YQWSryKGGG74fIOuQnMLtMLm4soWN+i6VTBHJUi6uNYGdFjuMvHdwbpfF HjJ5QUP0jxJQwNgwUWr4jjRhOh6959C6P4LVhazGQO8peHDSssnJaBjBY8fFW1wH q2BZqXWJP31wOBLai/rKwoaTnTH4UMPrh27xK7/a -----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF9DCCA9ygAwIBAgIQEq6125a+Q7iNMRH0QpHv7jANBgkqhkiG9w0BAQsFADBA +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPRHVzdGluIEMuIEhhdGNoMRcwFQYDVQQD +DA5EQ0ggUm9vdCBDQSBSMTAeFw0xODAyMjExMzA0MTBaFw0yMzAyMjAxMzA0MTBa +MDsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxEjAQBgNV +BAMMCURDSCBDQSBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMHd +Vudcm2XgUCQ5us0mTmzbCkHt0RBGMbnq6V0E9YohWotuXFwj4uvqV4z8raDGNKEv +MQpLQ1qzcN7pElcBC8LS38F06sMdEJWkhp9xpZ96tF5oWN1XD7VVufuJbec+/ZLB +ZFt7lBkux9BxQhG42KWdhx/Xa4vL2XYyWgh5gis26jx5znBt40DlNhfPGwAzY2h4 +J1q+eMIBkggALPYIu79fpHdgBcIf4yHbltjAtwpypQa0btPu1pF+R/xKGphqOhEo +nl5hAiw9yZhEoJyLGWlG9SIyCfirti2g11lhE2UuXqNkf79PLJTmI/z07zsUj3x6 +4ERTZ/9Y+RxopDbKYlJGOBKnzmSboTLNObnyVUcs+shVuC8oRZr8/M1kVPpfGfp+ +3bHlz2UYqNKPNBaD9CYw4aN/tUSg0TP+A/I7sks4wOmyA+b0GB8JY+fdJtzsniuj +Q2TY/tF2wMapkhr6AQcVc0qACfoCPoN/ErwAH1NDBJ5/rC//6czyBv6Gzo1nRifQ +SN51dNrCGAyRMBFcz44bebKUyF5LdhzaiO/oQvdPtZt2/hy3HbqyDrDbKU6hSAPI +CmKroKUZhq4Z6HI1D3Lw3R8dKWryjdQdPvxgsMwsUpYq8bRfrNRa5QX8hmHiXddK +FP/46GBk+rFaXnDSW/nnxOGuEtBqSJBLchmdku+FAgMBAAGjge4wgeswEgYDVR0T +AQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsG +AQUFBzAChi9odHRwOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1yb290 +LWNhLmNlcjAfBgNVHSMEGDAWgBTHv9/HaQWp6OM+287mR86SLScRajA7BgNVHR8E +NDAyMDCgLqAshipodHRwOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1j +YS5jcmwwHQYDVR0OBBYEFOx5xQi3HgpnxuA0MTx52daD2UncMA0GCSqGSIb3DQEB +CwUAA4ICAQCDwoJ+/qHDyEevHvQ0U0/NgvFLLEuly5Sm01vgd/H9GgVGRxlDcpGw +lX6t4GU0RyMmCRLJgsA6KuKS5ObIB9CgqRHXPOxomZyIE2IOD9R4eiYE7IBlGLoN +qYw2DK9caRkErOrAPG4G9sdlq4n8g3BVhT6G23dZ3L2Hf83k2mWrlCLOoX+gElZa +BI3Ehsx37hTFib3VnJJhRXRgTNm9oVoFjMoHiZU/Vrrg7cKxcP6uvaGz2y6ckfpp +3h9Pv7wb0jWfK4BTvm5EPMYe8hVCrQVWJxnQ0eC5r1rzrmDovYTASb2+C9OHTq9O 
+WXxQJ4uF7R8ciG002IPjE1Yg97qhckwaITof3Ay1NRrlRuZmfwWQee6ASOp6jBLq +aEzE92qDskvtyhaYM07OXouo8wWwbGerV2kkAnvdSEw1WFMVIaG8zbKR8M0RRJYO +Ll9DiKH8M8cnRm0laSPWF0zuaJ/ZEobL0TfZQrsfNWUMwNFY1WM18BwtO+GiD6dR +KlxT07q525JaWeU1t8n5tf+7ouOzy+/9lDYAx6XwtfDnBbjfwOdh3HWn0nPzFXV8 +Xtk4F633qN4p0/DEW4a+uZ03cvxlyB+VtZtd1nihMwm9MC2qFXLuFlq0qtkw1GxD +A8Pq0NT8z86nlW3dfSChYE0whHQ7OkYVjHjoMTvjGDa8lk/2n0jkhw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFTTCCAzWgAwIBAgIRAN29LEjhiUPYiq5sdIHdOWQwDQYJKoZIhvcNAQELBQAw +QDELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDEXMBUGA1UE +AwwORENIIFJvb3QgQ0EgUjEwHhcNMTgwMjIxMTIwNTA0WhcNMzgwMjE2MTIwNTA0 +WjBAMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPRHVzdGluIEMuIEhhdGNoMRcwFQYD +VQQDDA5EQ0ggUm9vdCBDQSBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMYe2XxYTJL+A89LVgxuqCpTfFCGKsT/IDYVYP+81q+y9bASw9Oukn10usu+ +hFz4l31vnFO1jnXQlmZTmBiCzmGDqF1pTJ0XVPZrp+1V1xvWfQNYQpBjLqP6U2gz +RocGJMImi/0Y65lOHLakx6t1DuNX6QHgKk3ePc1XJyrTipEEDDJHph9sXQju1GI9 +JPATJppSrxX2hRrYqZlOARszg2pTr52QY90CfARJJI8iehI4k7maVHq2morkZN8R +JTrZH/8oOhJEFX5Ndeag8JTRvuKzVKiGHKZJ/xxjgDnqF14vSnOPmM7tsPpFMfvb +BRAOlXmLnKLV16xK1zZJ9b0nrQSGdnoHswS/TjbIDLQrMcTAhvYUzEFC9RwmTkVu +YrZPdK1mMtO+02KB46NhPGma71VBpl5T2FbFRaaEewvN/ny63Gm7CiCUyP165RhL +UGDMfNm1XhCc925d9leBgh9TboF8wbp5reTX2kcWnyHRPsKfNOOs9MffpoI7afuR +WyZjje2SWDuuD6awXhXWTD8LeHTQck8rR1cOTSvZIBo6trxhSTdUk2GQHIuR0JT0 +SpJBNQq2EYVNq0TJaY3Dy7myTTDmUWcpKz8Az+q0hn8+RFHMrKaZ0W0lR2HCSepK +E7D0X/W2TxcLSqJsPNozKA/vu1IFODtBNrFKOza4pHReXbmBAgMBAAGjQjBAMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTHv9/HaQWp +6OM+287mR86SLScRajANBgkqhkiG9w0BAQsFAAOCAgEAUxWWIeCK+x0fz+2b38/q +fUJRvQHFCIaDD49mOVXCKB67OsrRz5HNzc/LP61qmqz5fCgg6IreVVESyy5B4rSI +wWVlV1D3DQUSeFx/Gk8mXgDYr/DW2YwnVtzexLr/Oo3vGSHGY9omrPEdugQerEFt +u523w7WakMFgLai23/735gtBYuXujiwKYAW1np+cdAdukry8pYYjWNH5ttS+FRsX +SkiJOgd/hYiSq01Qau6KpKdBBoPGh/np+uDuYsQwd132CoZxBr+X6eA1Yk0b2ZHh +2fC7mTihVzU1iWMIuWEMKDwvSLB1cFdzEQT3YPK1X0wVaq7zbzt82gdb22+wzThS 
+jdP4agkrbfK6YsutVVSl08TOOZdEGStnF2vyFoRMCLgJgsluXd4o21GgAKP0T9Vk +JkuW150Dp2A8C9krzm65PwK5MVN5cOVeiaGITDLtOoQctw3cVgS6tE0RjsNd2AgJ +eJ3+tFG1Hm3Bif5J+aiv7Nr66k5N4thANXU5j/Gfz5rVJCbsLGBtENWbuvgiSfi5 +lfiAgq8e0i30uLtiWKFLXU/InvXQeNta/sfckkeOQH8cjfCxaIrZbYlC3hq2jASU +Oy5M/Li2lVnm1JE5MT708nS3kiaMRrqY/4XBcGTmnJFMqQ7OB+0ZhsYtfizhO5qK +n9CDSAWdRluQIQ36oDgVn4o= +-----END CERTIFICATE-----
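
Review bot: the second appended `-----BEGIN CERTIFICATE-----` block at the end of samba.cer looks unnecessary, assuming the two added blocks are the intermediate followed by the root, as the commit message describes. A client validates the chain against a root it already holds in its own trust store, so a root sent by the server adds handshake bytes and gives no extra assurance. The missing intermediate is what broke Gitea, and the first appended block alone should fix that. I would drop the root block and keep the order leaf, then intermediate. The message says the fix works "(apparently)", so it would also help to record how the served chain was checked after the change (for example, by listing the certificates the server presents during the TLS handshake) and to note somewhere near this file that the appended CA certificate has to be replaced here by hand whenever the intermediate is reissued.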