search for: ca_root_nss

...x platforms autoconf-wrapper-20131203 Wrapper script for GNU autoconf automake-1.15.1 GNU Standards-compliant Makefile generator automake-wrapper-20131203 Wrapper script for GNU automake bison-3.0.4,1 Parser generator from FSF, (mostly) compatible with Yacc ca_root_nss-3.36.1 Root certificate bundle from the Mozilla Project curl-7.59.0 Command line tool and library for transferring data with URLs cyrus-sasl-2.1.26_13 RFC 2222 SASL (Simple Authentication and Security Layer) gettext-runtime-0.19.8.1_1 GNU gettext runtime...

Andrew, Thanks for the pointers about looking into the ldap client libs. I think I've found a situation where tls connections to the AD server on port 389 have trouble. I've added the CA cert to ldap.conf, and to the ca_root_nss file on this system. First what works: 1. ldapsearch commands with -Z to force use of tls (configured in /usr/local/etc/ldap.conf) 2. ssl connections with s_client to port 636 and to port 443 on the domain controller. 3. tls version 1 connections to port 389 using s_client with the -tls1 switc...

...per-20131203 Wrapper script for GNU autoconf > automake-1.15.1 GNU Standards-compliant Makefile generator > automake-wrapper-20131203 Wrapper script for GNU automake > bison-3.0.4,1 Parser generator from FSF, (mostly) > compatible with Yacc > ca_root_nss-3.36.1 Root certificate bundle from the Mozilla Project > curl-7.59.0 Command line tool and library for > transferring data with URLs > cyrus-sasl-2.1.26_13 RFC 2222 SASL (Simple Authentication > and Security Layer) > gettext-runtime-0.19.8.1_...

I have 20+ freebsd 10 samba 4 servers joined to our local microsoft active directory. At the moment things work well enough. However the windows administrator wants to tighten his AD security by requiring tls encrypted ldap. When I add: ldap ssl = start_tls ldap ssl ads = yes cldap port = 389 the net ads commands fail: net ads testjoin Failed to issue the StartTLS instruction: Connect error