Hello!
Taking advantage of this email, I tried to make an LDAP query with TLS
and I got an error.
Version Samba 4.4.4
samba-tool testparm -v --suppress-prompt|grep tls
ldap ssl = start tls
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
ldapsearch -U USER -h ldaps://localhost -p636 -w PASS -b
dc=internal,dc=test,dc=com,dc=br -s sub '(objectClass=user)' givenName
-LLL -n -N -Z
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: (unknown error code)
What could be wrong?

On 11-01-2017 14:39, Rowland Penny via samba wrote:
> On Wed, 11 Jan 2017 11:09:15 -0500
> Matthew Daubenspeck via samba <samba at lists.samba.org> wrote:
>
>> I'm using a Samba4 ADDC and just noticed that the SSL that was created
>> at install time is about to expire. Is there something Samba specific
>> to create a new certificate, or should I manually create a new one
>> using openssl?
>>
>> Thanks!
>>
> Have a look here:
>
> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC
>
> Rowland
>