Displaying 20 results from an estimated 23 matches for "ldap_id_use_start_tls".
2016 Sep 02
3
Samba4 and sssd authentication not working due "Transport encryption required."
...s.
My sssd configuration is below
[sssd]
config_file_version = 2
domains = xxx.xxx
services = nss, pam
debug_level = 5
[nss]
[pam]
[domain/xxx.xx]
ldap_referrals = false
enumerate = true
id_provider = ldap
#access_provider = ldap
auth_provider = ldap
ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
ldap_id_use_start_tls = False
ldap_auth_disable_tls_never_use_in_production = true
ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxx
ldap_schema = rfc2307bis
ldap_user_search_base = dc=xx,dc=xx
ldap_user_object_class = user
ldap_user_home_di...
2013 Apr 14
1
sssd getent problem with Samba 4.0
...umerate = false
cache_credentials = True
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_tls_cacertdir = /usr/local/samba/private/tls
ldap_id_use_start_tls = False
ldap_default_bind_dn = cn=lynn2,cn=Users,dc=hh3,dc=site
ldap_default_authtok = xx
ldap_default_authtok_type = password
ldap_user_object_class = person
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirecto...
2016 Sep 02
4
Samba4 and sssd authentication not working due "Transport encryption required."
...> >
> > [pam]
> >
> >
> > [domain/xxx.xx]
> > ldap_referrals = false
> > enumerate = true
> >
> > id_provider = ldap
> > #access_provider = ldap
> > auth_provider = ldap
> > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
> > ldap_id_use_start_tls = False
> > ldap_auth_disable_tls_never_use_in_production = true
> > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
> > ldap_default_authtok_type = password
> > ldap_default_authtok = xxxxxxxx
> >
> > ldap_schema = rfc2307bis
> >
> > lda...
2015 May 06
2
ldap host attribute is ignored
...fig_file_version = 2
services = nss, pam, autofs
domains = default
[nss]
filter_groups = root
filter_users = root
[pam]
[domain/default]
ldap_uri = ldap://ldap.mydomain.tld
ldap_search_base = o=XXX
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacertdir = /etc/ssl/certs
chpass_provider = ldap
auth_provider = ldap
ldap_tls_reqcert = never
ldap_user_search_base = ou=YYY,o=XXX
ldap_group_search_base = ou=YYY,o=XXX
access_provider = ldap
ldap_access_order = host
ldap_user_authorize...
2019 Oct 16
3
Can't setup kerberos auth for samba4 server?
...0x0270
[domain/ADA.DE]
enumerate = true
cache_credentials = True
krb5_realm = ADA.DE
ldap_search_base = dc=ada,dc=de
krb5_server = ad01.ada.de, ad02.ada.de
id_provider = ad
auth_provider = ad
ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 0x0270
[nss]
homedir_substring = /home
debug_level = 0x0270
[pam]
debug_level = 0x0270
[sudo]
debug_level = 0x0270
[autofs]
debug_level = 0x0270
[ssh]
debug_level = 0x0270
[pac]
debug_level = 0x0270
[ifp]
debug_level = 0x0270
[...
2015 May 11
2
ldap host attribute is ignored
...R /etc/ssl/certs
> SASL_NOCANON on
>
> My /etc/sssd/sssd.conf:
> [domain/default]
> ldap_uri = ldap://myldapserver.com/
> ldap_search_base = ou=YYY,o=XXX
> ldap_schema = rfc2307bis
> id_provider = ldap
> ldap_user_uuid = entryuuid
> ldap_group_uuid = entryuuid
> ldap_id_use_start_tls = True
> enumerate = False
> cache_credentials = False
> ldap_tls_cacertdir = /etc/openldap/cacerts/
> chpass_provider = ldap
> auth_provider = ldap
> ldap_tls_reqcert = never
> ldap_user_search_base = ou=YYY,o=XXX
> access_provider = ldap
> ldap_access_order = host
>...
2016 Sep 03
1
Samba4 and sssd authentication not working due "Transport encryption required."
...> [domain/xxx.xx]
>>>> ldap_referrals = false
>>>> enumerate = true
>>>>
>>>> id_provider = ldap
>>>> #access_provider = ldap
>>>> auth_provider = ldap
>>>> ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
>>>> ldap_id_use_start_tls = False
>>>> ldap_auth_disable_tls_never_use_in_production = true
>>>> ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
>>>> ldap_default_authtok_type = password
>>>> ldap_default_authtok = xxxxxxxx
>>>>
>>>> ldap_sc...
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.
2015 May 06
0
ldap host attribute is ignored
...for name service or authentication. Mostly
just the openldap tools (ldapsearch, ldapadd, ldapmodify).
> The sssd.conf is this:
...
> [nss]
> filter_groups = root
> filter_users = root
nitpick: those are the defaults. Probably don't need to set them.
> [domain/default]
> ldap_id_use_start_tls = True
> ldap_tls_cacertdir = /etc/ssl/certs
> ldap_tls_reqcert = never
Not sure about that setting. "allow" is probably what you want if
you're using starttls.
> access_provider = ldap
> ldap_access_order = host
> ldap_user_authorized_host = host
...
> When i st...
2016 Sep 02
0
Samba4 and sssd authentication not working due "Transport encryption required."
...ices = nss, pam
> debug_level = 5
>
>
> [nss]
>
>
> [pam]
>
>
> [domain/xxx.xx]
> ldap_referrals = false
> enumerate = true
>
> id_provider = ldap
> #access_provider = ldap
> auth_provider = ldap
> ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
> ldap_id_use_start_tls = False
> ldap_auth_disable_tls_never_use_in_production = true
> ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
> ldap_default_authtok_type = password
> ldap_default_authtok = xxxxxxxx
>
> ldap_schema = rfc2307bis
>
> ldap_user_search_base = dc=xx,dc=xx
> ld...
2014 Aug 29
1
C7: need authconfig against LDAP
Hi all,
On a C6 box, when I want to enable LDAP authentication, I issue:
# yum -y install nss-pam-ldapd pam_ldap nscd
# authconfig --enableldap --enableldapauth --enablemkhomedir \
--ldapserver=ldap://ldap-blabla/ \
--ldapbasedn="blabla" \
--enablecache --disablefingerprint \
--kickstart --update
All is working fine, the directory structure is fine and compliant.
2015 May 05
4
ldap host attribute is ignored
On 05/05/2015 06:47 PM, Gordon Messmer wrote:
> On 05/05/2015 03:02 AM, Ulrich Hiller wrote:
>> /etc/openldap/ldap.conf contains the line:
>> ------------------------------------------
>> pam_check_host_attr yes
>
> /etc/openldap/ldap.conf is the configuration file for openldap clients.
> It is not used for system authentication or name service.
>
>>
2019 Oct 16
0
Can't setup kerberos auth for samba4 server?
...;]
> enumerate = true
> cache_credentials = True
> krb5_realm = ADA.DE
> ldap_search_base = dc=ada,dc=de
> krb5_server = ad01.ada.de, ad02.ada.de
> id_provider = ad
> auth_provider = ad
> ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
> ldap_id_use_start_tls = True
> ldap_tls_cacertdir = /etc/openldap/cacerts
> debug_level = 0x0270
>
> [nss]
> homedir_substring = /home
> debug_level = 0x0270
>
> [pam]
> debug_level = 0x0270
>
> [sudo]
> debug_level = 0x0270
>
> [autofs]
> debug_level = 0x0270
>
>...
2016 Sep 03
0
Samba4 and sssd authentication not working due "Transport encryption required."
...>
> > > [domain/xxx.xx]
> > > ldap_referrals = false
> > > enumerate = true
> > >
> > > id_provider = ldap
> > > #access_provider = ldap
> > > auth_provider = ldap
> > > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
> > > ldap_id_use_start_tls = False
> > > ldap_auth_disable_tls_never_use_in_production = true
> > > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
> > > ldap_default_authtok_type = password
> > > ldap_default_authtok = xxxxxxxx
> > >
> > > ldap_schema = rfc230...
2013 Feb 21
2
looking for sssd basics and simple config with existing ldap centos 6.3
Hi,
I'm planning to set up a new samba fileserver as a member to an existing
samba 3.x SMB.
The old server is still nss-pam-ldapd configured (historic leftovers).
As I don't have any pressure to have the new server up and running within
the next few hours, I liked to set up sssd with our existing openldap.
After googling and reading some documentations from redhat/fedora I
think I do have a
2015 May 11
0
ldap host attribute is ignored
...f:
BASE o=XXX
URI ldap://myldapserver.com/
TLS_CACERTDIR /etc/ssl/certs
SASL_NOCANON on
My /etc/sssd/sssd.conf:
[domain/default]
ldap_uri = ldap://myldapserver.com/
ldap_search_base = ou=YYY,o=XXX
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacertdir = /etc/openldap/cacerts/
chpass_provider = ldap
auth_provider = ldap
ldap_tls_reqcert = never
ldap_user_search_base = ou=YYY,o=XXX
access_provider = ldap
ldap_access_order = host
ldap_user_authorized_host = host
autofs_provider =...
2015 May 11
0
ldap host attribute is ignored
...R /etc/ssl/certs
> SASL_NOCANON on
>
> My /etc/sssd/sssd.conf:
> [domain/default]
> ldap_uri = ldap://myldapserver.com/
> ldap_search_base = ou=YYY,o=XXX
> ldap_schema = rfc2307bis
> id_provider = ldap
> ldap_user_uuid = entryuuid
> ldap_group_uuid = entryuuid
> ldap_id_use_start_tls = True
> enumerate = False
> cache_credentials = False
> ldap_tls_cacertdir = /etc/openldap/cacerts/
> chpass_provider = ldap
> auth_provider = ldap
> ldap_tls_reqcert = never
> ldap_user_search_base = ou=YYY,o=XXX
> access_provider = ldap
> ldap_access_order = host
> ldap_user_authori...
2015 Feb 23
2
sssd - ldap host attribute ignored
...ains" attribute below and uncomment it.
# domains = LDAP
[nss]
filter_groups = root
filter_users = root
[pam]
[domain/default]
ldap_uri = ldap://myldapserver.mydomain
ldap_search_base = o=XXXX
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacertdir = /etc/openldap/cacerts/
chpass_provider = ldap
auth_provider = ldap
ldap_tls_reqcert = never
ldap_user_search_base = ou=YYYY,o=XXXX
ldap_group_search_base = ou=YYYY,o=XXXX
access_provider = ldap
ldap_access_filter = memberOf=ou...
2016 Apr 11
5
Slow authentication on C7
...tofs_provider = ldap
cache_credentials = True
krb5_realm = #
ldap_search_base = ou=Main,o=company
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.our.domain/
ldap_group_search_base = ou=Group,ou=Main,o=company
ldap_user_search_base = ou=People,ou=Main,o=company
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow
#debug_level = 4
refresh_expired_interval = 120
enumerate = True
ldap_referrals = False
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
homedir_substring = /home
entry_cache_timeout = 540...
2019 Oct 16
2
Can't setup kerberos auth for samba4 server?
..._credentials = True
> > krb5_realm = ADA.DE
> > ldap_search_base = dc=ada,dc=de
> > krb5_server = ad01.ada.de, ad02.ada.de
> > id_provider = ad
> > auth_provider = ad
> > ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
> > ldap_id_use_start_tls = True
> > ldap_tls_cacertdir = /etc/openldap/cacerts
> > debug_level = 0x0270
> >
> > [nss]
> > homedir_substring = /home
> > debug_level = 0x0270
> >
> > [pam]
> > debug_level = 0x0270
> >
> > [sudo]
> > debug_level = 0x0270...