samba - Aug 2019 - Configuration help

Server type :
- Ms Active Directoy
- OpenLDAP
- Lotus Domino
- Other

Connection type :
- Standard LDAP
- LDAP+SSL

Authentication type :
- Simple
- Anonymous

Le mar. 6 ao?t 2019 ? 11:49, Rowland penny via samba <samba at
lists.samba.org>
a ?crit :
> On 06/08/2019 10:23, Guillaume Couvreur wrote:
> > image.png
> > I don't konw the query
>
> It will be something like this:
>
> ldapsearch -x -D "Administrator at NTICO.TECH" -b
> "CN=Users,DC=ntico,DC=tech" -s sub -H ldap://10.20.0.51:3268
-wP4$$w0rd
>
> Only thing is, it is unlikely to work against a Samba AD DC ;-)
>
> What are the options for 'Server Type:', 'Connection Type:'
and
> 'Authentication Type:' ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 

*Guillaume COUVREUR*
*Chef de projet technique*
guillaume.couvreur at ntico-operation.com
03.66.72.80.79
1A, avenue de l'Harmonie
59650 VILLENEUVE D'ASCQ

On 06/08/2019 10:53, Guillaume Couvreur wrote:
> Server type :
> - Ms Active Directoy
> - OpenLDAP
> - Lotus Domino
> - Other
OK, change the Server Type to 'Ms Active
Directory'
>
> Connection type :
> - Standard LDAP
> - LDAP+SSL
>
> Authentication type :
> - Simple
> - Anonymous
Leave everything else alone.

Add this to smb.conf:

ldap server require strong auth = no

Restart Samba and see if that works.

Rowland

great it works. You are the boss !

Le mar. 6 ao?t 2019 ? 12:04, Rowland penny via samba <samba at
lists.samba.org>
a ?crit :
> On 06/08/2019 10:53, Guillaume Couvreur wrote:
> > Server type :
> > - Ms Active Directoy
> > - OpenLDAP
> > - Lotus Domino
> > - Other
> OK, change the Server Type to 'Ms Active Directory'
> >
> > Connection type :
> > - Standard LDAP
> > - LDAP+SSL
> >
> > Authentication type :
> > - Simple
> > - Anonymous
>
> Leave everything else alone.
>
> Add this to smb.conf:
>
> ldap server require strong auth = no
>
> Restart Samba and see if that works.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 

*Guillaume COUVREUR*
*Chef de projet technique*
guillaume.couvreur at ntico-operation.com
03.66.72.80.79
1A, avenue de l'Harmonie
59650 VILLENEUVE D'ASCQ

Good its working now, but that confirms that.. 

Or resolving or you certificate setup is not correct because you need this
parameter now.
> > ldap server require strong auth = no  <<  
And that is one you most probely dont to use. 
You "i assume" want to encrypt that traffic. 

Man smb.conf 
Default : ldap server require strong auth = yes
Which points to, use port 636 ( ldaps ) 

Or 
ldap server require strong auth = allow_sasl_over_tls   
( port 389 ) 

And base on the just posted messages, i suggest one of these. 

Server type : - Ms Active Directoy
Connection type : - LDAP+SSL
			( resulting port StartTLS 389 or ldaps : 636 ) 
Authentication type : - Simple

Or 
Server type : - OpenLDAP
Connection type : - Standard LDAP
			- LDAP+SSL
			( resulting port StartTLS 389 or ldaps : 636 ) ) 
Authentication type : - Simple

Then test with :  
( startTls 389)
ldapsearch -x -D "Administrator at ntico.tech" -b
"DC=ntico,DC=tech" -s sub \
	-H ldap://$(nslookup 10.20.0.51|grep name|awk {' print $NF '} |head
--bytes -2) \
	-w"P4$$w0rd"  

SSL port 636 
ldapsearch -x -D "Administrator at ntico.tech" -b
"DC=ntico,DC=tech" -s sub \
	-H ldaps://$(nslookup 10.20.0.51|grep name|awk {' print $NF '} |head
--bytes -2) \
	-w"P4$$w0rd"  

This should give back you DC hostname : $(nslookup 10.20.0.51|grep name|awk
{' print $NF '} |head --bytes -2)

Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Guillaume Couvreur via samba
> Verzonden: dinsdag 6 augustus 2019 12:10
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] Configuration help
> 
> great it works. You are the boss !
> 
> Le mar. 6 ao?t 2019 ? 12:04, Rowland penny via samba 
> <samba at lists.samba.org>
> a ?crit :
> 
> > On 06/08/2019 10:53, Guillaume Couvreur wrote:
> > > Server type :
> > > - Ms Active Directoy
> > > - OpenLDAP
> > > - Lotus Domino
> > > - Other
> > OK, change the Server Type to 'Ms Active Directory'
> > >
> > > Connection type :
> > > - Standard LDAP
> > > - LDAP+SSL
> > >
> > > Authentication type :
> > > - Simple
> > > - Anonymous
> >
> > Leave everything else alone.
> >
> > Add this to smb.conf:
> >
> > ldap server require strong auth = no
> >
> > Restart Samba and see if that works.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> -- 
> 
> *Guillaume COUVREUR*
> *Chef de projet technique*
> guillaume.couvreur at ntico-operation.com
> 03.66.72.80.79
> 1A, avenue de l'Harmonie
> 59650 VILLENEUVE D'ASCQ
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>