search for: configuring_ldap_over_ssl_

Hi. Following this document: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC I have a Centos 7.x with samba4.4.4 with openldap 2.4.40. If I run the command: smbd -b | grep "ENABLE_GNUTLS" I don't get any answer, this mean that samba doesn't have ssl support? Thanks for your time. -- LIving the dream...

Hello, I just configured a three-site DCs setup with Samba 4.6.0, and replication worked great. But then I added a custom cert to one of the DCs to authenticate various apps against it. I used this wiki https://wiki.samba.org/index. php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Now I can authenticate my apps over LDAPS against my DC, but broke replication. How do I need to configure replication to work with a self-signed cert? Thanks, -Mike

...t; > I just configured a three-site DCs setup with Samba 4.6.0, and > > replication worked great. > > But then I added a custom cert to one of the DCs to authenticate > > various apps against it. I used this wiki https://wiki.samba.org/in > > de > > x. > > php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC > > > > Now I can authenticate my apps over LDAPS against my DC, but broke > > replication. > > > > How do I need to configure replication to work with a self-signed > > cert? > > The two are not related - replication is not over...

Hi, after a successfully migrating my NT4 with OpenLDAP to a Samba4 AD...I got a problem. Like in the sambawiki tutorial (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC) I tried to configure LDAPS. I used the auto-configured certs. They are located in "/var/lib/samba/private/tls". My smb.conf: # Global parameters [global] netbios name = PDC realm = COMPANY.COM workgroup = COMPANY server role = acti...

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC <https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> > On Sep 3, 2016, at 7:59 AM, Fosiul Alam via samba <samba at lists.samba.org> wrote: > > Hi Both > Thanks > > from Samba4 side i need this help, I can see...

Also: -H ldap://10.100.0.4 should probably be ldaps://URI You can potentially this in smb.conf, but that is definitely not recommended. https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Kris Lou klou at themusiclink.net On Wed, Sep 5, 2018 at 2:10 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 05 Sep 2018 15:46:04 +0700 > Konstantin Boyandin via samba <samba at lists.samba.org> wrote: > > > Hello, &gt...

I'm using a Samba4 ADDC and just noticed that the SSL that was created at install time is about to expire. Is there something Samba specific to create a new certificate, or should I manually create a new one using openssl? Thanks!

Hello, is there any documented procedure to configure a samba domain member (AD windows domain) to use LDAPS instead of LDAP Thanks Andrea

I have OpenSSL forgenrate the CA root file in my server and work fine. My question is, ?howto i say to Samba (configuration) for work with CA certificates? . I dont find information about this. Thanks. Saludos. --- Miguel El mar., 10 nov. 2020 a las 15:22, S?rgio Basto (<sergio at serjux.com>) escribi?: > On Tue, 2020-11-10 at 14:48 -0300, Miguel Angel Coa M. via samba wrote: >

...gt; On 09/11/2020 11:45, Andrea Cucciarre' via samba wrote: >> >> is there any documented procedure to configure a samba domain member >> (AD windows domain) to use LDAPS instead of LDAP > The only documentation I know of is here: > > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC > > > But it is meant for a DC. > > Are you talking about using ldaps with ldap searches ? If so, then > don't, use kerberos instead, it is even more secure. > > Rowland > > >

...the SSL that was created >> at install time is about to expire. Is there something Samba specific >> to create a new certificate, or should I manually create a new one >> using openssl? >> >> Thanks! >> > Have a look here: > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC > > Rowland >

...and that that the multiple *.pem files needed for LDAP via TLS all need "special permissions" - and mentions to delete old files without the required permissions to force file renewal. Yet in the official Samba documentation for setting up LDAPS here (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC) it says only to set these special permissions on ONE of the generated certificate *.pem files - the private key file. Is this definitely correct? Should we not set root owner on the additional cert.pem and ca.pem too? I ask because I wanted to flag this. It seems like...

...a basic SAMBA setup with a main AD DC ad1 and a backup AD DC ad2, running on Samba 4.5.16-Debian on Raspbian. I would now like to enable LDAPS so my users can authenticate in other non Samba services using Active Directory. From reading the documentation here: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC I understand that for the most basic LDAPS setup using the pre-existing self-signed certificate I need only add the following lines to my smb.conf to enable this: tls enabled  = yes tls keyfile  = tls/key.pem tls certfile = tls/cert.pem tls cafile   = tls/ca.pem My quest...

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

I am currently NOT using SSL on my Samba domain. While reading "Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC" and thinking about implementing. I'm having trouble "getting my head" around what certificates go where. Simply put, I am not clear as to generating certificates on the clients and then copy which files to to the server or vice versa? What happens when...

...up with Samba 4.6.0, and > > > replication worked great. > > > But then I added a custom cert to one of the DCs to authenticate > > > various apps against it. I used this wiki https://wiki.samba.org/ > > > in > > > de > > > x. > > > php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC > > > > > > Now I can authenticate my apps over LDAPS against my DC, but > > > broke > > > replication. > > > > > > How do I need to configure replication to work with a self-signed > > > cert? > > >...

...10:31 AM, Rowland Penny <rpenny at samba.org> wrote: > On Tue, 18 Apr 2017 10:21:33 -0700 > Alberto Moreno via samba <samba at lists.samba.org> wrote: > > > Hi. > > > > Following this document: > > > > > > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_ > (LDAPS)_on_a_Samba_AD_DC > > > > I have a Centos 7.x with samba4.4.4 with openldap 2.4.40. > > You don't have an AD DC! > > > > > If I run the command: > > > > smbd -b | grep "ENABLE_GNUTLS" > > > > I don't get any...

...to port 389) if I put "tls enabled=no" in the config file. With "tls enabled=yes" (or nothing, since it's the default) I get: "Child 24011 (ldap) terminated with signal 4" I tried generating a self-signed certificate as per: > https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Unfortunately, the only effect is that "Attempting to autogenerate TLS self-signed keys for https for hostname 'XXX.xxxxx.xxxxxxxx.xx'" changes to "TLS autogeneration skipped - some TLS files already exist". Then I get the same error as above....

On 4/17/2018 3:56 AM, Marco Gaiarin via samba wrote: > Mandi! lingpanda101 via samba > In chel di` si favelave... > >>     When using a custom self-signed certificate, what is the appropriate >> value for 'tls verify peer ='? > ...AFAIk the same for every certificates; the CA's certificates have to > be in ''central store'', or have to be

Hi, Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give more details on its configuration? Regards, Ananth