Hello. First, sorry for my English, I try to write correctly. I have a problem with the samba-dc-ac daemon. I am trying to connect a squid server with authentication against the samba-dc-ac database. With encryption I can not connect to the squid server I have no option to accept any certificate. It is a self-signed certificate. I suspect that the problem is here. I can not connect to port 389 without encryption. Is this possible? As I have the server secure I do not worry that that password travel without encryption. But I can not find the way to enable traffic without encryption.>From already thank you very much.Epsilon.
Hello, Am 23.01.2017 um 04:58 schrieb Epsilon Minus via samba:> I have a problem with the samba-dc-ac daemon. > I am trying to connect a squid server with authentication against the > samba-dc-ac database. > > With encryption I can not connect to the squid server I have no option > to accept any certificate. > It is a self-signed certificate. I suspect that the problem is here. > > I can not connect to port 389 without encryption. Is this possible?I think this is what you missed: https://wiki.samba.org/index.php/Updating_Samba#New_Default_for_LDAP_Connections_Requires_Strong_Authentication Anyway, you should try avoiding unencrypted connections. I'm sure Squid supports this. Regards, Marc
If you want to use LDAP over TLS, in (at least on Centos/RHEL) /etc/openldap/ldap.conf, add a line: TLS_REQCERT never Then your Squid server should not try to verify your samba's cert against a CA. Alternatively, get the CA cert from the samba server and add it to the trusted CA's on the squid box. Cheers Alex On 23/01/17 03:58, Epsilon Minus via samba wrote:> Hello. > > First, sorry for my English, I try to write correctly. > > I have a problem with the samba-dc-ac daemon. > I am trying to connect a squid server with authentication against the > samba-dc-ac database. > > With encryption I can not connect to the squid server I have no option > to accept any certificate. > It is a self-signed certificate. I suspect that the problem is here. > > I can not connect to port 389 without encryption. Is this possible? > > As I have the server secure I do not worry that that password travel > without encryption. But I can not find the way to enable traffic > without encryption. > > From already thank you very much. > > Epsilon. >-- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. This email is not intended to, nor should it be taken to, constitute advice. The information provided is correct to our knowledge & belief and must not be used as a substitute for obtaining tax, regulatory, investment, legal or any other appropriate advice. "Transact" is operated by Integrated Financial Arrangements Ltd. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856).
Thanks You. In smb.conf add ldap server require strong auth = No Then i can connect por 389 and without encryption.! 2017-01-23 16:33 GMT-03:00 Alex Crow via samba <samba at lists.samba.org>:> If you want to use LDAP over TLS, in (at least on Centos/RHEL) > /etc/openldap/ldap.conf, add a line: > > TLS_REQCERT never > > Then your Squid server should not try to verify your samba's cert > against a CA. > > Alternatively, get the CA cert from the samba server and add it to the > trusted CA's on the squid box. > > Cheers > > Alex > > > On 23/01/17 03:58, Epsilon Minus via samba wrote: >> Hello. >> >> First, sorry for my English, I try to write correctly. >> >> I have a problem with the samba-dc-ac daemon. >> I am trying to connect a squid server with authentication against the >> samba-dc-ac database. >> >> With encryption I can not connect to the squid server I have no option >> to accept any certificate. >> It is a self-signed certificate. I suspect that the problem is here. >> >> I can not connect to port 389 without encryption. Is this possible? >> >> As I have the server secure I do not worry that that password travel >> without encryption. But I can not find the way to enable traffic >> without encryption. >> >> From already thank you very much. >> >> Epsilon. >> > > -- > This message is intended only for the addressee and may contain > confidential information. Unless you are that person, you may not > disclose its contents or use it in any way and are requested to delete > the message along with any attachments and notify us immediately. > This email is not intended to, nor should it be taken to, constitute advice. > The information provided is correct to our knowledge & belief and must not > be used as a substitute for obtaining tax, regulatory, investment, legal or > any other appropriate advice. > > "Transact" is operated by Integrated Financial Arrangements Ltd. > 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. > (Registered office: as above; Registered in England and Wales under > number: 3727592). Authorised and regulated by the Financial Conduct > Authority (entered on the Financial Services Register; no. 190856). > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Reasonably Related Threads
- GPO Security Filtering "Access Denied"
- GPO Security Filtering "Access Denied"
- ntlmssp_server_postauth: invalid NTLMSSP_MIC on CTDB fileserver (NT-style domain)
- ntlmssp_server_postauth: invalid NTLMSSP_MIC on CTDB fileserver (NT-style domain)
- gpupdate use wrong url