Dear It is possible to configure Samba 4.4.5 to accept queries that do not use TLS? I'm having trouble authenticating the Proxy / SquidGuard in AD Samba 4.4.5. I get this error: (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication required I read the wiki Samba, the new versions are working with authentication TLS encrypted connections. It is possible to configure Samba to return to receive authentication in normal mode?
Hello Ricardo, Am 18.08.2016 um 22:17 schrieb Ricardo Pardim Claus via samba:> It is possible to configure Samba 4.4.5 to accept queries that do not use TLS? > I'm having trouble authenticating the Proxy / SquidGuard in AD Samba 4.4.5. > > I get this error: > > (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication required > > I read the wiki Samba, the new versions are working with authentication TLS encrypted connections. > It is possible to configure Samba to return to receive authentication in normal mode?https://wiki.samba.org/index.php/Updating_Samba#Default_for_LDAP_Connections_Requires_Strong_Authentication_.28updating_from_.3C.3D4.4.0.2C_.3C.3D4.3.6_or_.3C.3D4.2.9.29 Why don't you configure your proxy / SquidGuard to establish an encrypted connection instead? Regards, Marc
On 19 August 2016 at 06:48, Marc Muehlfeld via samba <samba at lists.samba.org> wrote:> Hello Ricardo, > > Am 18.08.2016 um 22:17 schrieb Ricardo Pardim Claus via samba: > > It is possible to configure Samba 4.4.5 to accept queries that do not > use TLS? > > I'm having trouble authenticating the Proxy / SquidGuard in AD Samba > 4.4.5. > > > > I get this error: > > > > (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication > required > > > > I read the wiki Samba, the new versions are working with authentication > TLS encrypted connections. > > It is possible to configure Samba to return to receive authentication in > normal mode? > > > https://wiki.samba.org/index.php/Updating_Samba#Default_ > for_LDAP_Connections_Requires_Strong_Authentication_. > 28updating_from_.3C.3D4.4.0.2C_.3C.3D4.3.6_or_.3C.3D4.2.9.29 > > Why don't you configure your proxy / SquidGuard to establish an > encrypted connection instead? > > > Regards, > Marc > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Marc, We're in a similar place. Is there really any value having samba and squid use TLS when they're on the same box (which in our case is accessed via openvpn)? Regards, Dewayne
Or better, drop the ldap auth and go use kerberos auth, faster and more secure by default. If you want to know the config, just ask me. Im running that. Samba 4.4.5 ad, squid 3.5.19 + squidclamav-icap With kerberos auth, fallback to NTLM auth, fallback to ldap(s) and tip ahead, squid 3.5.20+ supports ldaps groups filters. Only for squidguard i dont know if its supports ldaps. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marc Muehlfeld > via samba > Verzonden: donderdag 18 augustus 2016 22:48 > Aan: Ricardo Pardim Claus; samba at lists.samba.org > Onderwerp: Re: [Samba] Allow unencrypted TLS LDAP query > > Hello Ricardo, > > Am 18.08.2016 um 22:17 schrieb Ricardo Pardim Claus via samba: > > It is possible to configure Samba 4.4.5 to accept queries that do not > use TLS? > > I'm having trouble authenticating the Proxy / SquidGuard in AD Samba > 4.4.5. > > > > I get this error: > > > > (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication > required > > > > I read the wiki Samba, the new versions are working with authentication > TLS encrypted connections. > > It is possible to configure Samba to return to receive authentication in > normal mode? > > > https://wiki.samba.org/index.php/Updating_Samba#Default_for_LDAP_Connectio > ns_Requires_Strong_Authentication_.28updating_from_.3C.3D4.4.0.2C_.3C.3D4. > 3.6_or_.3C.3D4.2.9.29 > > Why don't you configure your proxy / SquidGuard to establish an > encrypted connection instead? > > > Regards, > Marc > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Dear Marc, While I can not create a connection between TLS encrypts SquidGuard and Samba4, I opted to disable encryption on Samba. These options I added in the [global] smb.conf: client ldap sasl wrapping = sign ldap server require strong auth = no Thanks for the support.>Hello Ricardo,>Am 18.08.2016 um 22:17 schrieb Ricardo Pardim Claus via samba: >> It is possible to configure Samba 4.4.5 to accept queries that do not use TLS? >> I'm having trouble authenticating the Proxy / SquidGuard in AD Samba 4.4.5. >> >> I get this error: >> >> (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication required >> >> I read the wiki Samba, the new versions are working with authentication TLS encrypted connections. >> It is possible to configure Samba to return to receive authentication in normal mode? >https://wiki.samba.org/index.php/Updating_Samba#Default_for_LDAP_Connections_Requires_Strong_Authentication_.28updating_from_.3C.3D4.4.0.2C_.3C.3D4.3.6_or_.3C.3D4.2.9.29>Why don't you configure your proxy / SquidGuard to establish an >encrypted connection instead?>Regards, >Marc