samba - Sep 2019 - LDAP bind to AD fails

Am 18.09.19 um 19:32 schrieb Stefan G. Weichinger via
samba:
> Am 18.09.19 um 19:28 schrieb Stefan G. Weichinger via samba:
> 
>> So I would have to use "adc1.arbeitsgruppe.mydomain.at"
> 
> Tried that. Doesn't help so far.
> 
> gives:
> 
> [2019/09/18 19:32:07.544332,  1]
> ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake)
>   TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been
> received.
> [2019/09/18 19:32:07.544401,  1]
>
../source4/ldap_server/ldap_extended.c:89(ldapsrv_starttls_postprocess_done)
>   ldapsrv_starttls_postprocess_done: accept_tls_loop:
> tstream_tls_accept_recv() - 5:Input/output error =>
> NT_STATUS_IO_DEVICE_ERRORstream_terminate_connection: Terminating
> connection - 'ldapsrv_call_postprocess_done:
call->postprocess_recv() -
> NT_STATUS_IO_DEVICE_ERROR'
> 
> again
I assume I have to somehow import the Samba-ADS-CA into pfsense?

I took /var/lib/samba/private/tls/ca.pem and imported that as an
additional CA ...

... and now it works ... I wonder how long ...

thanks so far!

Am 18.09.19 um 19:43 schrieb Stefan G. Weichinger via samba:
> I assume I have to somehow import the Samba-ADS-CA into pfsense?
> 
> I took /var/lib/samba/private/tls/ca.pem and imported that as an
> additional CA ...
> 
> ... and now it works ... I wonder how long ...
and then it failed
and now it works

hmm ... will check back tmrw

Am 18.09.19 um 21:41 schrieb Stefan G. Weichinger via
samba:
> Am 18.09.19 um 19:43 schrieb Stefan G. Weichinger via samba:
> 
>> I assume I have to somehow import the Samba-ADS-CA into pfsense?
>>
>> I took /var/lib/samba/private/tls/ca.pem and imported that as an
>> additional CA ...
>>
>> ... and now it works ... I wonder how long ...
> 
> and then it failed
> and now it works
> 
> hmm ... will check back tmrw
Do I have to add ca.pem or cert.pem??

reference:

https://forum.netgate.com/topic/146634/openvpn-auth-via-samba4-ads-ldap