Displaying 20 results from an estimated 36 matches for "as_strict_as_poss".
2018 Aug 08
2
LDAPS is not working
...logging = syslog at 1 /var/log/samba/log.%m
I've tested it with the following command and got the following error...
root at server:/var/lib/samba/private/tls# ldbsearch -H ldaps://127.0.0.1 '(cn=admin)' objectClass -Uadmin
TLS failed to missing crlfile - with 'tls verify peer = as_strict_as_possible'
Failed to connect to ldap URL 'ldaps://127.0.0.1' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to 'ldaps://127.0.0.1' with backend 'ldaps': LDAP client internal error: NT_STATUS_INVALID_PARAMETER_MIX
Failed to connect to ldaps://12...
2017 Jan 11
4
SSL Certificate
...ompt|grep tls
ldap ssl = start tls
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
ldapsearch -U USER -h ldaps://localhost -p636 -w PASS -b
dc=internal,dc=test,dc=com,dc=br -s sub '(objectClass=user)' givenName
-LLL -n -N -Z
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)
ldap_sasl_interactive_bind_s: Can't contact LDAP serv...
2017 Jan 11
2
SSL Certificate
I'm using a Samba4 ADDC and just noticed that the SSL that was created
at install time is about to expire. Is there something Samba specific to
create a new certificate, or should I manually create a new one using
openssl?
Thanks!
2016 Apr 22
0
ldap start_tls to microsoft active directory
...start tls
ldap timeout = 15
security = ADS
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate, dns
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
--
-Alex
2016 Apr 12
0
[Announce] Samba 4.4.2, 4.3.8 and 4.2.11 Available for Download
...e project. Support for ncacn_http
was introduced in version 4.2.0.
The security patches will introduce a new option called
"tls verify peer". Possible values are "no_check", "ca_only",
"ca_and_name_if_available", "ca_and_name" and "as_strict_as_possible".
If you use the self-signed certificates which are auto-generated
by Samba, you won't have a crl file and need to explicitly
set "tls verify peer = ca_and_name".
o CVE-2016-2114
Due to a regression introduced in Samba 4.0.0,
an explicit "server signin...
2016 Apr 12
0
[Announce] Samba 4.4.2, 4.3.8 and 4.2.11 Available for Download
...e project. Support for ncacn_http
was introduced in version 4.2.0.
The security patches will introduce a new option called
"tls verify peer". Possible values are "no_check", "ca_only",
"ca_and_name_if_available", "ca_and_name" and "as_strict_as_possible".
If you use the self-signed certificates which are auto-generated
by Samba, you won't have a crl file and need to explicitly
set "tls verify peer = ca_and_name".
o CVE-2016-2114
Due to a regression introduced in Samba 4.0.0,
an explicit "server signin...
2016 Jun 10
2
ldb-tools and ldaps after badlock
...since the patch for all the badlock bugs it is not possible to access
a Samba 4 ADDC-database with ldb-tools. Everytime I try it, I get the
following error:
root at addc-02:~# ldbsearch -H ldaps://addc-02.example2.net -U administrat
or
TLS failed to missing crlfile - with 'tls verify peer =
as_strict_as_possible'
When I add:
- ----------------------
tls verify peer = no_check
- ----------------------
to smb.conf I will get the following error:
root at addc-02:~# ldbsearch -H ldaps://addc-02.example2.net -U administrat
or
Password for [EXAMPLE2\administrator]:
Failed to bind - LDAP error 8 LDAP_...
2016 Dec 28
2
Error with samba update in debian.
...-
Parameter Name + default setting.
-------------
allow dcerpc auth level connect = no
client ipc signing = default
client ipc max protocol = default
client ipc min protocol = default
ldap server require strong auth = yes
raw NTLMv2 auth = no
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
4.3.0 => 4.4.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.4.0.html
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- ------
aio max threads New 100
ldap page...
2019 May 24
0
Upgraded from CentOS 6.X to 7.X, samba not working
...-
Parameter Name + default setting.
-------------
allow dcerpc auth level connect = no
client ipc signing = default
client ipc max protocol = default
client ipc min protocol = default
ldap server require strong auth = yes
raw NTLMv2 auth = no
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
4.3.0 => 4.4.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.4.0.html
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- ------
aio max threads New 100
ldap page...
2016 Jul 27
2
Lost trusted domain in samba-4.4.4
...No
smb passwd file = /etc/config/smbpasswd
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unix password sync = No
username level = 0
username map = /etc/config/smbusers
username map cache time = 0
username map script =
aio max threads = 100
deadtime = 10
getwd cache = Yes
hostname lookups = No
keepalive...
2018 Sep 03
4
Server-Side Copy Offload Limitations
...1
syslog only = No
template homedir = /home/%D/%U
template shell = /bin/false
time server = No
timestamp logs = Yes
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unicode = Yes
unix charset = UTF-8
unix extensions = No
unix password sync = No
use mmap = Yes
username level = 0
username map =
username map cache time = 0
username map script =
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/lib/samba/user...
2016 Aug 24
2
Linux Work Station USER ID PROBLEM
...a_kcc
spn update command = /usr/local/samba/sbin/samba_spnupdate
share backend = classic
allow nt4 crypto = No
tls enabled = Yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls crlfile =
tls dh params file =
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
rpc_server:tcpip = no
rpc_daemon:spoolssd = fork
rpc_server:default = external
rpc_server:spoolss = external
rpc_server:svcctl = embedded
rpc_server:srvsvc = embedded
rpc_server:eventlog = embedded
rpc_server:ntsvcs = embedd...
2019 May 24
4
Upgraded from CentOS 6.X to 7.X, samba not working
Hi
Previous: CentOS 6.X, samba4.x86_64 4.2.10-15.el6
Now: CentOS 7.6.1810, samba 4.8.3-4.el7
When I start smb, nmb or winbind I get no errors at all.
This is all I get:
May 24 22:44:04 HOST systemd[1]: Starting Samba SMB Daemon...
May 24 22:44:05 HOST systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
May 24 22:44:05 HOST systemd[1]: Failed to start Samba SMB
2019 Apr 19
0
winbind offline login - NT_STATUS_NO_SUCH_USER (0xc0000064)
...r = /home/%D/%U*
* template shell = /bin/bash*
* time server = No*
* timestamp logs = Yes*
* tls cafile = tls/ca.pem*
* tls certfile = tls/cert.pem*
* tls crlfile = *
* tls dh params file = *
* tls enabled = Yes*
* tls keyfile = tls/key.pem*
* tls priority = NORMAL:-VERS-SSL3.0*
* tls verify peer = as_strict_as_possible*
* unicode = Yes*
* unix charset = UTF-8*
* unix extensions = Yes*
* unix password sync = No*
* use mmap = Yes*
* username level = 0*
* username map = /etc/samba/samba_usermapping*
* username map cache time = 0*
* username map script = *
* usershare allow guests = No*
* usershare max shares = 1...
2020 Jun 17
1
Slow and Incomplete printing from DOS Client 3.0
...1
syslog only = No
template homedir = /home/%D/%U
template shell = /bin/false
time server = No
timestamp logs = Yes
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
unicode = Yes
unix charset = UTF-8
unix extensions = Yes
unix password sync = No
use mmap = Yes
username level = 0
username map =
username map cache time = 0
username map script =
usershare allow guests = Yes
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/lib/samba/us...
2019 Feb 19
3
samba 4.8x problem
...a_kcc
spn update command = /usr/local/samba/sbin/samba_spnupdate
share backend = classic
allow nt4 crypto = No
tls enabled = Yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls crlfile =
tls dh params file =
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolssd:prefork_child_min_life = 60
spoolssd:prefork_max_allowed_clients = 200
spoolssd:prefork_spawn_rate = 5
spoolssd:prefork_max_children = 75
spoolssd:prefork_min_chi...
2018 Sep 03
0
Server-Side Copy Offload Limitations
...template shell = /bin/false
> time server = No
> timestamp logs = Yes
> tls cafile = tls/ca.pem
> tls certfile = tls/cert.pem
> tls crlfile =
> tls dh params file =
> tls enabled = Yes
> tls keyfile = tls/key.pem
> tls priority = NORMAL:-VERS-SSL3.0
> tls verify peer = as_strict_as_possible
> unicode = Yes
> unix charset = UTF-8
> unix extensions = No
> unix password sync = No
> use mmap = Yes
> username level = 0
> username map =
> username map cache time = 0
> username map script =
> usershare allow guests = No
> usershare max shares = 0
> use...
2016 Jul 27
0
Lost trusted domain in samba-4.4.4
...swd
> tls cafile = tls/ca.pem
> tls certfile = tls/cert.pem
> tls crlfile =
> tls dh params file =
> tls enabled = Yes
> tls keyfile = tls/key.pem
> tls priority = NORMAL:-VERS-SSL3.0
> tls verify peer = as_strict_as_possible
> unix password sync = No
> username level = 0
> username map = /etc/config/smbusers
> username map cache time = 0
> username map script =
> aio max threads = 100
> deadtime = 10
> getwd cache = Yes...
2016 Jul 06
2
Samba-ad-dc no longer listening on port 135
...mand = /usr/sbin/samba_spnupdate
share backend = classic
allow nt4 crypto = No
reject md5 clients = No
tls enabled = Yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls crlfile =
tls dh params file =
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
client ipc max protocol = default
client ipc min protocol = default
client ipc signing = default
allow dcerpc auth level connect = No
idmap_ldb:use rfc2307 = yes
prefork children:smb = 4
registry:hkey_users = hku.ldb
registry:hkey_local_machine = hklm.ldb
kccsrv:samba_kcc = false
comm...
2018 Apr 11
2
Samba 4.6.2 idmap error testparm -v
Hi guys.
I had migrate samba PDC with LDAP as backend:
Version 3.6.23-13.el5_11
Centos 6.x.
To Centos 7.x with samba 4.6.2
But got some errors related to idmap went I run testparm:
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!
This are my settings right on my extend file running testparm -v
ldap idmap suffix = ou=Idmap
idmap backend = tdb
idmap