<title>[Appendix A] A.4 Setting Up SSL Proxy</title>
<META NAME="DC.publisher" CONTENT="O'Reilly & Associates, Inc.">
<META NAME="DC.date" CONTENT="1999-11-05T21:41:41Z">
<META NAME="DC.type" CONTENT="Text.Monograph">
<META NAME="DC.format" CONTENT="text/html" SCHEME="MIME">
<META NAME="DC.language" CONTENT="en-US">
<META NAME="generator" CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"></head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" link="#990000" vlink="#0000CC">
<table BORDER="0" CELLPADDING="0" CELLSPACING="0" width="90%">
<td width="25%" valign="TOP">
<img hspace=10 vspace=10 src="gifs/samba.s.gif" alt="Using Samba" align=left valign=top border=0>
<td height="105" valign="TOP">
Robert Eckstein, David Collier-Brown, Peter Kelly
<br>1st Edition November 1999
<br>1-56592-449-5, Order Number: 4495
<!--sample chapter begins -->
<h2><A CLASS="title" NAME="appa-pgfId-986788">A.4 Setting Up SSL Proxy</a></h2><P CLASS="para">
The SSL Proxy program is available as a standalone binary or as source code. You can download it from <A CLASS="systemitem.url" HREF="http://obdev.at/Products/sslproxy.html">http://obdev.at/Products/sslproxy.html</a>.
</p><P CLASS="para">
Once it is downloaded, you can configure and compile it like Samba. We will configure it on a Windows NT system. However, setting it up for a Unix system involves a nearly identical series of steps. Be sure that you are the superuser (administrator) for the next series of steps.
</p><P CLASS="para">
If you downloaded the binary for Windows NT, you should have the following files in a directory:
</p><UL CLASS="itemizedlist">
<LI CLASS="listitem"><P CLASS="para"><A CLASS="listitem" NAME="appa-pgfId-986793"></a><I CLASS="filename">cygwinb19.dll</i></p></li>
<LI CLASS="listitem"><P CLASS="para"><A CLASS="listitem" NAME="appa-pgfId-986794"></a><I CLASS="filename">README.TXT</i></p></li>
<LI CLASS="listitem"><P CLASS="para"><A CLASS="listitem" NAME="appa-pgfId-986795"></a><I CLASS="filename">sslproxy.exe</i></p></li>
<LI CLASS="listitem"><P CLASS="para"><A CLASS="listitem" NAME="appa-pgfId-986796"></a><I CLASS="filename">dummyCert.pem</i></p></li>
</ul><P CLASS="para">
The only one that you will be interested in is the SSL Proxy executable. Copy over the <EM CLASS="emphasis">phoenix.pem</em> and <EM CLASS="emphasis">phoenix.key</em> files that you generated earlier for the client to the same directory as the SSL Proxy executable. Make sure that other users cannot read this directory, since it now holds the client's private key.
</p><P CLASS="para">
The next step is to ensure that the Windows NT machine can resolve the NetBIOS name of the Samba server. This means that you should either have a WINS server up and running (the Samba server can perform this task with the <CODE CLASS="literal">wins</code> <CODE CLASS="literal">support</code> <CODE CLASS="literal">=</code> <CODE CLASS="literal">yes</code> option) or have the server's name listed in the appropriate <EM CLASS="emphasis">hosts</em> file of the system. See <a href="ch07_01.html"><b>Chapter 7, <CITE CLASS="chapter">Printing and Name Resolution</cite></b></a>, for more information on WINS servers.[<A CLASS="footnote" HREF="#appa-pgfId-986801">1</a>]
</p><BLOCKQUOTE CLASS="footnote">
<DIV CLASS="footnote">
<P CLASS="para"><A CLASS="footnote" NAME="appa-pgfId-986801">[1]</a> If you are running SSL Proxy on a Unix server, you should ensure that the DNS name of the Samba server can be resolved.
</p></div></blockquote><P CLASS="para">
Finally, start up SSL Proxy with the following command. Here, we assume that <CODE CLASS="literal">hydra</code> is the name of the Samba server:
</p><PRE CLASS="programlisting">
# <CODE CLASS="userinput"><B>C:\SSLProxy>sslproxy -l 139 -R hydra -r 139 -n -c phoenix.pem -k phoenix.key</b></code></pre><P CLASS="para">
This tells SSL Proxy to listen for connections to port 139 and relay those requests to port 139 on the NetBIOS machine <CODE CLASS="literal">hydra</code>. It also instructs SSL Proxy to use the <I CLASS="filename">phoenix.pem</i> and <I CLASS="filename">phoenix.key</i> files to supply the certificate and key necessary to initiate the SSL connection. SSL Proxy responds with:
</p><PRE CLASS="programlisting">
Enter PEM pass phrase:
</pre><P CLASS="para">
Enter the PEM pass phrase of the client keypair that you generated, <EM CLASS="emphasis">not</em> that of the certificate authority. You should then see the following output:
</p><PRE CLASS="programlisting">
SSL: No verify locations, trying default
proxy ready, listening for connections
</pre><P CLASS="para">
That should take care of the client. You can place this command in a startup sequence on either Unix or Windows NT if you want this functionality available at all times. Be sure to set any clients you have connecting to the NT server (including the NT server itself) to point to this server instead of the Samba server.
</p><P CLASS="para">
After you've completed setting this up, try to connect using clients that proxy through the NT server. You should find that it works almost transparently.
</p></div></blockquote>
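<P CLASS="para">
For the Unix variant of this procedure, the conditions the steps above depend on (a directory closed to other users, a pass-phrase-protected client key, and a resolvable server name) can be checked before the proxy is started. This is an added example, not code from the book or the SSL Proxy distribution; the function names, the <CODE CLASS="literal">/opt/sslproxy</code> path in the usage comment, and the availability of <CODE CLASS="literal">getent</code> are assumptions.
</p>

```shell
#!/bin/sh
# Added example: pre-flight checks before starting SSL Proxy on a Unix host.
# Function names and the directory argument are illustrative assumptions.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if group and other have no permission bits on the path.
private_to_owner() {
    m=$(mode_of "$1") || return 2
    case "$m" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeed if the PEM key is pass-phrase protected: either the traditional
# SSLeay/OpenSSL "Proc-Type: 4,ENCRYPTED" header or a PKCS#8 encrypted key.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Succeed if the Samba server's name resolves (assumes getent is available).
name_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# preflight DIR SERVER: report every failed check, return non-zero on any.
preflight() {
    dir=$1; server=$2; rc=0
    private_to_owner "$dir" || { echo "FAIL: $dir is open to group/other"; rc=1; }
    [ -f "$dir/phoenix.pem" ] || { echo "FAIL: $dir/phoenix.pem missing"; rc=1; }
    if [ -f "$dir/phoenix.key" ]; then
        private_to_owner "$dir/phoenix.key" ||
            { echo "FAIL: phoenix.key is readable by group/other"; rc=1; }
        key_is_encrypted "$dir/phoenix.key" ||
            { echo "FAIL: phoenix.key has no pass phrase"; rc=1; }
    else
        echo "FAIL: $dir/phoenix.key missing"; rc=1
    fi
    name_resolves "$server" || { echo "FAIL: cannot resolve $server"; rc=1; }
    return $rc
}

# Run only when called with arguments, e.g.: sh preflight.sh /opt/sslproxy hydra
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```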
<!-- End of sample chapter -->
<FONT SIZE="1" FACE="Verdana, Arial, Helvetica">
<EM>© 1999, O'Reilly & Associates, Inc.</EM>