Andrea Cucciarre'
2020-Nov-09 11:45 UTC
[Samba] How to configure samba domain member to use LDAPS instead of LDAP
Hello,

is there any documented procedure to configure a samba domain member (AD windows domain) to use LDAPS instead of LDAP?

Thanks
Andrea
Rowland penny
2020-Nov-09 12:03 UTC
[Samba] How to configure samba domain member to use LDAPS instead of LDAP
On 09/11/2020 11:45, Andrea Cucciarre' via samba wrote:
>
> is there any documented procedure to configure a samba domain member
> (AD windows domain) to use LDAPS instead of LDAP

The only documentation I know of is here:

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC

But it is meant for a DC.

Are you talking about using ldaps with ldap searches? If so, then don't, use kerberos instead, it is even more secure.

Rowland
Andrea Cucciarre'
2020-Nov-09 13:28 UTC
[Samba] How to configure samba domain member to use LDAPS instead of LDAP
My customer complains that in the AD DC they see the following insecure communication coming from the Samba server (DC member):

"The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection."

So Samba does an insecure LDAP bind and they are asking how to change Samba so that it does it in a secure way. Any tuning or suggestion to achieve it?

Thanks
Andrea

On 11/9/2020 1:03 PM, Rowland penny via samba wrote:
> On 09/11/2020 11:45, Andrea Cucciarre' via samba wrote:
>>
>> is there any documented procedure to configure a samba domain member
>> (AD windows domain) to use LDAPS instead of LDAP
> The only documentation I know of is here:
>
> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
>
> But it is meant for a DC.
>
> Are you talking about using ldaps with ldap searches? If so, then
> don't, use kerberos instead, it is even more secure.
>
> Rowland