search for: devclient

Hai,   I noticed something strange in the keytab file on my member server. This is a followup of : [Samba] winbind question. (challenge/response password authentication) Samba 4.5.3 on Debian Jessie.   Leave the domain. net ads leave -k Deleted account for 'PROXY2' in realm 'REALM'   I checked in windows, and the computer is gone in the “Computer” ou.   Removed the

...-) > > > OK, I think I have found a workaround ;-) > > Remove the 'http' SPNs from the computers AD object > > Then (on the client) run this: > > net ads keytab add HTTP -k > > klist -ket > > ................. > 2 04/02/17 12:44:48 > HTTP/devclient.samdom.example.com at SAMDOM.EXAMPLE.COM (des-cbc-crc) > 2 04/02/17 12:44:48 HTTP/DEVCLIENT at SAMDOM.EXAMPLE.COM (des-cbc-crc) > 2 04/02/17 12:44:48 > HTTP/devclient.samdom.example.com at SAMDOM.EXAMPLE.COM (des-cbc-md5) > 2 04/02/17 12:44:48 HTTP/DEVCLIENT at SAMDOM.EXAMPLE.C...

...in fact you shouldn't use ':636' at all. OK, mini-howto coming up ;-) The DC is dc1.samdom.example.com The AD domain DN is dc=samdom,dc=example,dc=com There is this line in the DC smb.conf: tls certfile = tls/cert.pem The reverse dns zone has been created and operational The client is devclient.samdom.example.com On the DC: Configure /etc/openldap/ldap.conf as follows: HOST dc1.samdom.example.com TLS_CACERT /usr/local/samba/private/tls/cert.pem TLS_REQCERT demand Add this line to smb.conf: ldap server require strong auth = allow_sasl_over_tls Now test with this command: ldapsearch -D...

Hello Vinicius, I did it and this was the answer: ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*********' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br" -d1 ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636) ldap_create ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636/??base) ldap_sasl_bind