thr3ads.net - samba - [Samba] Samba4 and sssd authentication not working due "Transport encryption required." [Sep 2016]

If this information is useful, please help other people find it:
Share via:

Marc Muehlfeld

2016-Sep-03 13:18 UTC

[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

Hi Fosiul,

Am 03.09.2016 um 14:59 schrieb Fosiul Alam via samba:> from Samba4 side i need this help, I can see that sshd has this option, can
> you just tell me by default when i installed samba4 , did it create any
> .crt file , if yes where? which i can use in sssd tls authenticaiton ?
> Thanks for the help
# ls -1 /usr/local/samba/private/tls/*.pem
/usr/local/samba/private/tls/ca.pem
/usr/local/samba/private/tls/cert.pem
/usr/local/samba/private/tls/key.pem



Regards,
Marc

Fosiul Alam

2016-Sep-03 20:24 UTC

head link

[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

Hi Thanks to All.

so i understand that i will have to use ca.pem from Clinet to
authenticaiotn vis tls , is that right ?

also, if i use default tls file which was created by samba4 installation,
do i need to add them into smb.conf ?
I can see the wiki say, if i create selfsigned then i will need add, but I
am not sure if this is true for defautl .pem file ?

bellow is smb.conf

Thanks for the help

# Global parameters
[global]
        bind interfaces only = Yes
        interfaces = lo eth0 eth1
        netbios name = xxxx
        realm = xx.xx
        workgroup = xxx
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        comment 
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/upc.acc/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
~


On Sat, Sep 3, 2016 at 2:18 PM, Marc Muehlfeld <mmuehlfeld at samba.org>
wrote:
> Hi Fosiul,
>
> Am 03.09.2016 um 14:59 schrieb Fosiul Alam via samba:
> > from Samba4 side i need this help, I can see that sshd has this
option,
> can
> > you just tell me by default when i installed samba4 , did it create
any
> > .crt file , if yes where? which i can use in sssd tls authenticaiton ?
> > Thanks for the help
>
> # ls -1 /usr/local/samba/private/tls/*.pem
> /usr/local/samba/private/tls/ca.pem
> /usr/local/samba/private/tls/cert.pem
> /usr/local/samba/private/tls/key.pem
>
>
>
> Regards,
> Marc
>
>

-- 
Regards
Fosiul Alam

Rowland Penny

2016-Sep-03 21:10 UTC

head link

[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

On Sat, 3 Sep 2016 21:24:07 +0100
Fosiul Alam <fosiul at gmail.com> wrote:
> Hi Thanks to All.
> 
> so i understand that i will have to use ca.pem from Clinet to
> authenticaiotn vis tls , is that right ?
> 
> also, if i use default tls file which was created by samba4
> installation, do i need to add them into smb.conf ?
> I can see the wiki say, if i create selfsigned then i will need add,
> but I am not sure if this is true for defautl .pem file ?
> 
> bellow is smb.conf
> 
> Thanks for the help
> 
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = lo eth0 eth1
>         netbios name = xxxx
>         realm = xx.xx
>         workgroup = xxx
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         comment > 
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/upc.acc/scripts
>         read only = No
> 
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
> ~
> 
> 
> On Sat, Sep 3, 2016 at 2:18 PM, Marc Muehlfeld <mmuehlfeld at
samba.org>
> wrote:
> 
> > Hi Fosiul,
> >
> > Am 03.09.2016 um 14:59 schrieb Fosiul Alam via samba:
> > > from Samba4 side i need this help, I can see that sshd has this
> > > option,
> > can
> > > you just tell me by default when i installed samba4 , did it
> > > create any .crt file , if yes where? which i can use in sssd tls
> > > authenticaiton ? Thanks for the help
> >
> > # ls -1 /usr/local/samba/private/tls/*.pem
> > /usr/local/samba/private/tls/ca.pem
> > /usr/local/samba/private/tls/cert.pem
> > /usr/local/samba/private/tls/key.pem
> >
> >
> >
> > Regards,
> > Marc
> >
> >
> 
> 
Look Fosiul, I am trying to help you but you are not listening to me.
You shouldn't be using ldap with sssd against active directory, it
therefore follows you shouldn't be using tls either.

Go and read this:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/SSSD-AD.html

Try to use it and if you are still having problems, ask on the
sssd-users mailing list.

You will only get information and help from people who use sssd here,
you will get information and help from the people who write sssd on the
sssd-users mailing list

I will say it once again, your way of using ldap with sssd is outdated
and has been replaced by the 'ad' providers.

If all you require is to authenticate users and groups on the DC, then
use winbind, this is a Samba package and is fully supported here.

Rowland

Reasonably Related Threads

Search for more reasonably related threads

samba - Sep 2016 - Samba4 and sssd authentication not working due "Transport encryption required."

[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

[Samba] Samba4 and sssd authentication not working due "Transport encryption required."

Reasonably Related Threads