I am wondering if there is any documentation that describes the role TLS plays in LDAP security in Samba 3.x. I would like to understand what is the relationship of TLS with other LDAP security mechanisms like Kerberos via SASL and if TLS provides any added security. Is it like TLS provides an encrypted channel for all LDAP communications (privacy) whereas Kerberos just provides the authentication? I would appreciate any pointer, Cheers, -Arup
Arup Biswas wrote:> I am wondering if there is any documentation that describes the role TLS > plays in LDAP security in Samba 3.x. I would like to understand what is the > relationship of TLS with other LDAP security mechanisms like Kerberos via > SASL and if TLS provides any added security. Is it like TLS provides an > encrypted channel for all LDAP communications (privacy) whereas Kerberos > just provides the authentication? > > I would appreciate any pointer,As far as the samba <-> LDAP communication is concerned, you can use start_tls = yes in smb.conf to encrypt the traffic. AFAIK you cannot use SASL mechs like GSSAPI for this (samba does only simple binds). hth Paul