Bestattungen Vitt - Thomas Reitelbach
2024-May-28 06:15 UTC
[Samba] Security Implications of "ldap server require strong auth"?
Am 28.05.2024 07:51, schrieb Christian Naumer via samba:> Am 28.05.24 um 07:34 schrieb Bestattungen Vitt - Thomas Reitelbach via > samba: >> >> Christian Naumer said, I can get Nextcloud to work without this >> insecure parameter - I'll have to figure out how I could acceppt a >> self-signed certificate on the side of apache2/php-ldap module. > > I checked our installation and found this in the Nextcloud Doku > (https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_auth_ldap.html): > > Turn off SSL certificate validation: > > Turns off SSL certificate checking. Use it for testing only! Note: > The effect of this setting depends on the PHP system configuration. It > does for example not work with the [official Nextcloud container > image](https://github.com/nextcloud/docker). To disable certificate > verification for a particular use, append the following configuration > line to your /etc/ldap/ldap.conf: > > ` TLS_REQCERT ALLOW `Thank you very much for your research, this is what I also found this morning with the correct google search terms :) Anyway, this is no longer samba related, so I'll close this thread here. And with the hints I got on this list I'll be able to reach my goal by myself now :) Cheers Thomas -- Bestattungen Vitt oHG Inhaber Willi & Thomas Reitelbach Rochusstra?e 176 53123 Bonn-Duisdorf Registergericht: Amtsgericht Bonn, HRA 7958 Facebook: http://www.facebook.de/bestattungenvitt Gedenkportal: http://begleiten.bestattungen-vitt.de Internet: http://www.bestattungen-vitt.de Telefon: 0228 - 62 68 68 Fax: 0228 - 978 30 36
Matthias Kühne | Ellerhold Aktiengesellschaft
2024-May-28 07:20 UTC
[Samba] Security Implications of "ldap server require strong auth"?
Hello Thomas, we've done the exact same thing: we have a few nextcloud instances bound to Samba (now 4.20, but 4.19 worked too). You HAVE to use "ldaps://<FQDN>" in the "Host" field and "636" in the "Port" field. For the certificates issues: either you create a CA, create the samba certificates and add this CA to the trusted certificate storage in linux or you just add the self-signed certificates to the trusted cert storage... Id prefer the first, because things like EasyRSA or Hashicorp Vault make it easy, but I dont know how big your deployment is and if its feasible for something like that. If you prefer: you can email me directly for more in-depth questions regarding nextcloud + samba. :) Have a nice day, Matthias. Am 28.05.24 um 08:15 schrieb Bestattungen Vitt - Thomas Reitelbach via samba:> Am 28.05.2024 07:51, schrieb Christian Naumer via samba: >> Am 28.05.24 um 07:34 schrieb Bestattungen Vitt - Thomas Reitelbach >> via samba: >>> >>> Christian Naumer said, I can get Nextcloud to work without this >>> insecure parameter - I'll have to figure out how I could acceppt a >>> self-signed certificate on the side of apache2/php-ldap module. >> >> I checked our installation and found this in the Nextcloud Doku >> (https://docs.nextcloud.com/server/28/admin_manual/configuration_user/user_auth_ldap.html): >> >> >> Turn off SSL certificate validation: >> >> ??? Turns off SSL certificate checking. Use it for testing only! Note: >> The effect of this setting depends on the PHP system configuration. It >> does for example not work with the [official Nextcloud container >> image](https://github.com/nextcloud/docker). To disable certificate >> verification for a particular use, append the following configuration >> line to your /etc/ldap/ldap.conf: >> >> ??? ` TLS_REQCERT ALLOW ` > > Thank you very much for your research, this is what I also found this > morning with the correct google search terms :) > Anyway, this is no longer samba related, so I'll close this thread > here. And with the hints I got on this list I'll be able to reach my > goal by myself now :) > > Cheers > Thomas >-- Senior Webentwickler Datenschutzbeauftragter Ellerhold Aktiengesellschaft Friedrich-List-Str. 4 01445 Radebeul Telefon: +49 (0) 351 83933-61 Web: www.ellerhold.de Facebook: www.facebook.com/ellerhold.gruppe Instagram: www.instagram.com/ellerhold.gruppe LinkedIn: www.linkedin.com/company/ellerhold-gruppe Amtsgericht Dresden / HRB 23769 Vorstand: Stephan Ellerhold, Maximilian Ellerhold Vorsitzender des Aufsichtsrates: Frank Ellerhold ---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges l?schen dieser E-Mail und der Anlagen. Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/ This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments. You can find our privacy policy here: http://www.ellerhold.de/datenschutz/
Seemingly Similar Threads
- Security Implications of "ldap server require strong auth"?
- Security Implications of "ldap server require strong auth"?
- Security Implications of "ldap server require strong auth"?
- Security Implications of "ldap server require strong auth"?
- Security Implications of "ldap server require strong auth"?