search for: cordell

...APS. It's also very likely that the issue is related to my Domain Controllers, I've only verified that they are accepting connections on port 636 using the LDP.exe tool. see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771022(v=ws.11) ~Cordell

.... One question, when I was looking at the packets during a join domain, I noticed that the username and domain name appear to be sent in plain text during the Kerberos authentication. Is there any way to encrypt either of those as well? Or is that just part of the Kerberos authentication process? ~Cordell

...credentials to specify default logged-in user. If Negotiate package is not installed on server or client, this will fall back to Sicily negotiation. On Fri, Oct 30, 2020 at 1:57 PM Andrew Bartlett via samba < samba at lists.samba.org> wrote: > On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba wrote: > > > Samba 4.13 recently removed this support. > > > The issue is that while it was possible to use LDAPS in some > > > situations, it was not possible to reliably determine the hostname > > > to verify the TLS certificate, rendering the protect...

On Thu, 2020-10-29 at 22:15 +0000, Zebrose, Cordell via samba wrote: > I have a Samba file server attempting to join an Active Directory > domain using "$net ads join". The Domain Controller is running > Windows Server 2019. I'd like to force samba to use port 636 (LDAPS) > when making the LDAP connection. I've tried se...

On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba wrote: > > Samba 4.13 recently removed this support. > > The issue is that while it was possible to use LDAPS in some > > situations, it was not possible to reliably determine the hostname > > to verify the TLS certificate, rendering the protection moot. > >...

...nt, this > will fall back to Sicily negotiation. This is what we use in Samba, Kerberos with a fallback to NTLMv2. Andrew Bartlett > On Fri, Oct 30, 2020 at 1:57 PM Andrew Bartlett via samba < > samba at lists.samba.org> wrote: > > On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba > > wrote: > > > > Samba 4.13 recently removed this support. > > > > The issue is that while it was possible to use LDAPS in some > > > > situations, it was not possible to reliably determine the > > hostname > > > > to verify t...