Displaying 18 results from an estimated 18 matches for "ca_only".
2024 Jul 01
0
[PATCH RESEND 2/2] Permit %L and %l percent escapes in server Include
...config_line_depth(ServerOptions *options, char *line,
struct connection_info *connectinfo, int *inc_flags, int depth,
struct include_list *includes)
{
- char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
- int cmdline = 0, *intptr, value, value2, n, port, oactive, r;
- int ca_only = 0, found = 0;
+ char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
+ int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
+ int ca_only = 0;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;...
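Review bot: found loses its initializer in this declaration hunk. The removed line read "int ca_only = 0, found = 0;", while the added line declares found bare at the end of the "int cmdline = 0, ..." list. Unless every path assigns found before reading it, keep "found = 0". Moving found between the two int declarations is also unrelated to the escapes; adding only arg_pre, thishost and shorthost would keep the hunk to what the change needs.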
2023 Jun 05
8
[Bug 3577] New: CASignatureAlgorithms supports -cert algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Bug ID: 3577
Summary: CASignatureAlgorithms supports -cert algorithms
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2024 Jul 01
2
[PATCH RESEND 0/2] Permit %L and %l percent escapes in Include
Using these escapes, the include directive can be crafted to include
differing, host-specific configuration.
Ronan Pigott (2):
Permit %L and %l percent escapes in Include
Permit %L and %l percent escapes in server Include
readconf.c | 16 +++++++++++++---
servconf.c | 21 ++++++++++++++++-----
2 files changed, 29 insertions(+), 8 deletions(-)
base-commit:
2018 Feb 16
1
idmap config ad: can't resolve domain users' uids
...log file = /var/log/samba/log.%m
interfaces = eth0, lo
bind interfaces only = Yes
tls enabled = yes
tls keyfile = /opt/samba/private/tls/addc.key
tls certfile = /etc/ssl/certs/addc.pem
tls cafile = /etc/ssl/certs/DigiCertCA.crt
tls verify peer = ca_only
printcap name = /dev/null
ldap server require strong auth = allow_sasl_over_tls
# idmap config for the EXAMPLEAD domain
idmap config EXAMPLEAD : backend = ad
idmap config EXAMPLEAD : schema_mode = rfc2307
idmap config EXAMPLEAD : range = 1005-999999
idmap config * : backend =...
2018 Aug 29
2
gencache.tdb size and cache flush
...mba/log.%m
# ldap debug level = 3
interfaces = eth0, lo
bind interfaces only = Yes
tls enabled = yes
tls keyfile = /opt/samba/private/tls/addc.key
tls certfile = /etc/ssl/certs/addc.pem
tls cafile = /etc/ssl/certs/DigiCertCA.crt
tls verify peer = ca_only
ldap server require strong auth = allow_sasl_over_tls
printcap name = /dev/null
load printers = no
printing = bsd
idmap_ldb:use rfc2307 = yes
template shell = /bin/mosh
template homedir = /homel/%U
kerberos method = secrets and keytab
[netlogon]
path = /opt/samba/var/locks/...
2016 May 11
2
Change Password after expired
...g CHRONO-DOM : range = 10000-29999
> winbind nss info = rfc2307
> winbind enum users = yes
> winbind enum groups = yes
> acl map full control = yes
> syslog = 0
> log level = 7 auth:10 winbind:10
> tls verify peer = ca_only
>
> [netlogon]
> path = /var/lib/samba/sysvol/chrono-dom.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> On the LAMP server with LTB Self Service Password and other web apps I
> con...
2016 May 10
3
Change Password after expired
In some customers, yes, but they are on LTSP (PXE boot), where others
use a graphical interface, but would rather have a web interface to change
the password.
This would also be used for Windows stations off the field.
On 10-05-2016 16:05, Rowland penny wrote:
> Not even on the clients ??
2016 May 11
1
Change Password after expired
...nd nss info = rfc2307
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> acl map full control = yes
>>> syslog = 0
>>> log level = 7 auth:10 winbind:10
>>> tls verify peer = ca_only
>>>
>>> [netlogon]
>>> path = /var/lib/samba/sysvol/chrono-dom.lan/scripts
>>> read only = No
>>>
>>> [sysvol]
>>> path = /var/lib/samba/sysvol
>>> read only = No
>>>
>>>...
2023 Nov 14
0
[PATCH v3 2/2] Permit %L and %l percent escapes in sshd Include
...clude_list *includes)
{
- char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
+ char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
int ca_only = 0;
SyslogFacility *log_facility_ptr;
@@ -2130,6 +2131,12 @@ process_server_config_line_depth(ServerOptions *options, char *line,
fatal("Include directive not supported as a "
"command-line option");
}
+
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+...
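Review bot: the gethostname() call added to the Include branch runs again for every Include line, and its failure handling is cut off in this view. The local hostname does not change during parsing, so resolve it once and reuse it, and report failure with strerror(errno) in the same fatal() style as the check just above. POSIX also leaves NUL-termination unspecified when the name is truncated, so terminate thishost explicitly (thishost[sizeof(thishost) - 1] = '\0') before it is used in the expansion.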
2016 Apr 12
0
[Announce] Samba 4.4.2, 4.3.8 and 4.2.11 Available for Download
...ient connections using ncacn_http (with https://),
which are only used by the openchange project. Support for ncacn_http
was introduced in version 4.2.0.
The security patches will introduce a new option called
"tls verify peer". Possible values are "no_check", "ca_only",
"ca_and_name_if_available", "ca_and_name" and "as_strict_as_possible".
If you use the self-signed certificates which are auto-generated
by Samba, you won't have a crl file and need to explicitly
set "tls verify peer = ca_and_name".
o...
2018 Sep 06
0
Authenticating against Samba 4 AD LDAP service
...ba_AD_DC
That's the strange part. I have set up using TLS certificate (Let's
Encrypt) as recommended in guide. When I do
# ldbsearch -U Administrator --password='[password]' -H
ldaps://dc.ad-lan.com:636
I get
TLS ../source4/lib/tls/tls_tstream.c:1609 - check failed for
verify_peer[ca_only] and peer_name[dc.ad-lan.com] status 0x42 (invalid
signer_not_found )
Failed to connect to ldap URL 'ldaps://dc.ad-lan.com:636' - LDAP client
internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldaps://dc.ad-lan.com:636' with backend 'ldaps':
LDAP client int...
2018 Aug 29
0
gencache.tdb size and cache flush
...> interfaces = eth0, lo
> bind interfaces only = Yes
> tls enabled = yes
> tls keyfile = /opt/samba/private/tls/addc.key
> tls certfile = /etc/ssl/certs/addc.pem
> tls cafile = /etc/ssl/certs/DigiCertCA.crt
> tls verify peer = ca_only
> ldap server require strong auth = allow_sasl_over_tls
>
> printcap name = /dev/null
> load printers = no
> printing = bsd
>
> idmap_ldb:use rfc2307 = yes
> template shell = /bin/mosh
> template homedir = /homel/%U
> kerberos method = secrets an...
2023 Nov 14
1
[PATCH v3 1/2] Permit %L and %l percent escapes in ssh Include
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific ssh
configuration.
---
readconf.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/readconf.c b/readconf.c
index a2282b562df0..ad47d0e9730a 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1030,7 +1030,8 @@
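Review bot: missing documentation. The diffstat shows "1 file changed" (readconf.c only), so the new behaviour of Include accepting %L and %l is not described in ssh_config.5. Please add Include to the list of keywords that accept these tokens in the manual page in the same patch, so users can tell which escapes are expanded in Include arguments and which are not.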
2023 Dec 20
2
[PATCH RESEND 0/2] Permit %L and %l percent escapes in Include
Using these escapes, the include directive can be crafted to include
differing, host-specific configuration.
Ronan Pigott (2):
Permit %L and %l percent escapes in ssh Include
Permit %L and %l percent escapes in sshd Include
readconf.c | 16 +++++++++++++---
servconf.c | 17 ++++++++++++++---
2 files changed, 27 insertions(+), 6 deletions(-)
base-commit:
2016 May 11
0
Change Password after expired
...>> winbind nss info = rfc2307
>> winbind enum users = yes
>> winbind enum groups = yes
>> acl map full control = yes
>> syslog = 0
>> log level = 7 auth:10 winbind:10
>> tls verify peer = ca_only
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/chrono-dom.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> On the LAMP server with LTB Self Servi...
2018 Sep 05
2
Authenticating against Samba 4 AD LDAP service
Also:
-H ldap://10.100.0.4
should probably be ldaps://URI
You can potentially this in smb.conf, but that is definitely not
recommended.
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
Kris Lou
klou at themusiclink.net
On Wed, Sep 5, 2018 at 2:10 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 05 Sep 2018 15:46:04 +0700
2016 May 11
1
Change Password after expired
...: backend = ad
idmap config CHRONO-DOM : range = 10000-29999
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
acl map full control = yes
syslog = 0
log level = 7 auth:10 winbind:10
tls verify peer = ca_only
[netlogon]
path = /var/lib/samba/sysvol/chrono-dom.lan/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
On the LAMP server with LTB Self Service Password and other web apps I
configure the ldap.conf with
TLS_CACERT /etc/ssl/ca_c...