Displaying 20 results from an estimated 87 matches for "tls_cacert".
2017 Feb 13
1
LDAP problem
...m
The AD domain DN is dc=samdom,dc=example,dc=com
There is this line in the DC smb.conf: tls certfile = tls/cert.pem
The reverse dns zone has been created and operational
The client is devclient.samdom.example.com
On the DC:
Configure /etc/openldap/ldap.conf as follows:
HOST dc1.samdom.example.com
TLS_CACERT /usr/local/samba/private/tls/cert.pem
TLS_REQCERT demand
Add this line to smb.conf:
ldap server require strong auth = allow_sasl_over_tls
Now test with this command:
ldapsearch -D "Administrator@samdom.example.com" -b "cn=Users,dc=samdom,dc=example,dc=com" -H ldaps://dc1....
2019 Aug 15
2
Failing to join existing AD as DC
Sorry, am not used to a list that has real sender addresses?
Samba is configured with internal DNS.
# /etc/krb5.conf
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
# /etc/ldap/ldap.conf?
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
# /etc/resolv.conf
domain samdom.example.com
search samdom.example.com
nameserver 10.88.80.88 # windows dc
./samba-collect-debug-info.sh
kinit: Client 'Administrator@SAMDOM.EXAMPLE.COM' not found in Kerberos database while getting i...
2018 Jul 20
4
autogenerated self-signed certificate problem
Hi people,
I have a problem trying ldaps.
I use an autogenerated self-signed certificate, and I wrote this in smb:
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
without cafile
when i try to verify with:
openssl verify /usr/local/samba/private/tls/myCert.pem
it told me: unable to verify the first certificate
and if I add -CApath it works!
and finally when I try from another
2019 Aug 15
2
Failing to join existing AD as DC
Hai,
From what i see below.
kinit that should work, or error in krb5.conf or resolv.conf.
What is the first resolver in resolv.conf and is samba configured with internal DNS or Bind9_DLZ?
This is in /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
not really needed, but it does not hurt.
Well, can you run this for me and post the output.
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
if need...
2016 May 11
2
Change Password after expired
...! MUST BE /usr/local/share/ca-certificates else its not picked up with the
update-ca-certificates command.
you should see:
update-ca-certificates
Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
And correct this back :
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Now after done above your CA Cert is hashed in /etc/ssl/certs
And its added in /etc/ssl/certs/ca-certificates.crt
Do this and try again and let us know the result.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounc...
2017 Feb 03
1
LDAP problem
...details
> # This file should be world readable but not world writable.
>
> #BASE dc=example,dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> TLS_REQCERT never
> TLS_CACERT /usr/local/samba/private/tls/cert.pem
>
>
>
> It worked until now...
>
>
> I checked that samba-tools still works, but I need to use ldap commands too. Any idea why is this happening to ldap?
>
>
>
>
>
>
> Lucas
--
Vinicius Silva
SOC
Lucas
2019 Aug 06
3
Configuration help
Distro : Debian 9
log samba and smb as attachments
On Tue, 6 Aug 2019 at 09:33, Rowland penny via samba <samba at lists.samba.org>
wrote:
> On 06/08/2019 07:54, Guillaume Couvreur via samba wrote:
> > Hello, here are the google logs.
> >
> > *[2019-08-05 17:04:31,544+0200] [SwingWorker-pool-1-thread-2] [ERROR]
> > [plugin.ldap.AbstractLdapHandler] Failed to
2016 May 11
1
Change Password after expired
...>> update-ca-certificates command.
>>
>> you should see:
>> update-ca-certificates
>> Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
>> Running hooks in /etc/ca-certificates/update.d....done.
>>
>> And correct this back :
>> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
>>
>> Now after done above your CA Cert is hashed in /etc/ssl/certs
>> And its added in /etc/ssl/certs/ca-certificates.crt
>>
>> Do this and try again and let us know the result.
>>
>> Greetz,
>>
>> Louis...
2018 Jul 20
0
autogenerated self-signed certificate problem
You missing or :
Smb.conf
tls cafile = tls/ca.pem
And/or (showing the Debian steps), the CA is missing in ca-certificates.crt
In : /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Steps todo.
mkdir /usr/local/share/ca-certificates/personal-cert
Put the root in that folder.
Run : update-ca-certificates
You need to install ca-certificates first.
apt install ca-certificates
Or, add your CA manually, or replace the line:
TLS_CACERT...
2005 Jul 27
0
Tr: RE: RE TLS connections between Samba&OpenLDAP
...2005 11:46:50 +0200 (CEST)
> From: Bahya NASSR EDDINE <bahya_nassr@yahoo.fr>
> Subject: RE: RE [Samba] TLS connections between
> Samba&OpenLDAP
> To: spu@corman.be, samba@lists.samba.org,
> openldap-software@OpenLDAP.org
>
>
> > Have you set :
> >
> > TLS_CACERT ldap.conf of openldap (not
> > /etc/ldap.conf)
> Now that I set TLS_CACERT to ca.pem file path in the
> appropriate ldap.conf, my slapd server returns (when
> I
> try to start smb services):
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5, got=5
> 000...
2005 Jul 27
2
TLS connections between Samba&OpenLDAP
Good morning all,
I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0
directory. I then enabled TLS between Samba and
OpenLDAP.
The following tests succeeded:
s_server to s_client --> OK
slapd to s_client --> OK
slapd to OpenLDAP client commands (ldapsearch..)
--> OK
The problem is the following: when I start Samba
(service smb start), slapd output returns:
TLS trace:
2016 May 10
3
Change Password after expired
In some customer yes, but they are with LTSP (pxe boot) where another
use graphical interface, but would rather have a web interface to change
the password.
This would also be used for windows stations off the field.
On 10-05-2016 16:05, Rowland penny wrote:
> Not even on the clients ??
2014 Jun 29
2
Winbind does not read uidNumber
...restingly the behaviour is no different, if I simply put idmap uid
and idmap gid lines instead of the more detailed config.
And, if you doubt that I'm querying the right LDAP:
root@samba4:/# cat /etc/ldap/ldap.conf
BASE DC=ad,DC=microsult,DC=de
URI ldap://samba.ad.microsult.de:3268
TLS_CACERT /etc/certs/cacert.pem
BTW: administrator neither maps to 0!
Moreover, I largely followed the Debian Wiki
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory. In their
setup uids get prefixed by %D+. Unsure which I like better, but it's at
least an observation.
samba4 runs van...
2017 Dec 04
2
samba net ads join windows active directory with ldap ssl
...Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/client.crt
*My smb.conf *
[global]
ldap debug level = 1
ldap ssl = start tls
ldap ssl ads = yes
workgroup = CIFS
security = ads
realm = cifs.com
netbios name = ubuntu
encrypt passwords = yes
log file = /var/opt/samba/log.%m
debug level =0
max log size = 1000
syslog = 0
panic a...
2016 May 11
0
Change Password after expired
...es else its not picked up with the
> update-ca-certificates command.
>
> you should see:
> update-ca-certificates
> Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
> Running hooks in /etc/ca-certificates/update.d....done.
>
> And correct this back :
> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
>
> Now after done above your CA Cert is hashed in /etc/ssl/certs
> And its added in /etc/ssl/certs/ca-certificates.crt
>
> Do this and try again and let us know the result.
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspro...
2016 Jun 20
1
can't connect ldapsearch with samba 4
Hi,
solved only making this changes :
in /etc/ldap/ldap.conf
add
TLS_CACERT /etc/ldap/ca.pem.crt
sample query with ldaps
# ldapsearch -H ldaps://server -x -LLL -z 0 -D
"CN=user,CN=Users,DC=domain,DC=com" -w "p" -b "CN=Users,DC=domain,DC=com"
Solved!
Thanks
2016-06-19 18:55 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
> Hi,...
2018 Jan 09
3
Issue with LDAPS & Winbind
...= /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
usershare allow guests = yes
I've tried this config without ldap ssl = start tls and just ldap ssl ads
and the traffic seems to be the exact same.
Here is ldap.conf:
TLS_CACERT /etc/ssl/certs/ca.cer
ca.cer contains my CA root certificate in Base-64 X509 format.
--
Tim Gwynne
978-994-4272
2016 Aug 11
5
after classicupgrade
...= no
store dos attributes = yes
vfs objects = dfs_samba4 acl_xattr
[netlogon]
path= /var/lib/samba/sysvol/perczelmor.site/scripts
read only = no
[sysvol]
path= /var/lib/samba/sysvol
read only = no
/etc/ldap/ldap.conf:
host 127.0.0.1
base dc=our,dc=site
logdir /var/lib/ldap/log
TLS_REQCERT hard
TLS_CACERT /etc/ssl/certs/cacert.pem
I tried to integrate winbind login into pam according to this:
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto but it didn't
work.
Regards,
Tamas.
2019 Aug 15
0
Failing to join existing AD as DC
...an Belle via samba wrote:
> Hai,
>
> From what i see below.
>
> kinit that should work, or error in krb5.conf or resolv.conf.
> What is the first resolver in resolv.conf and is samba configured with internal DNS or Bind9_DLZ?
>
> This is in /etc/ldap/ldap.conf
> TLS_CACERT /etc/ssl/certs/ca-certificates.crt
> TLS_REQCERT allow
>
>
>
> cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
> not really needed, but it does not hurt.
>
> Well, can you run this for me and post the output.
> https://raw.githubusercontent.com/thctlo/samba4...
2019 Aug 06
1
Configuration help
...> Try this:
> >
> > Add to the [global] section of smb.conf:
> >
> > ldap server require strong auth = allow_sasl_over_tls
> >
> > Now modify/create /etc/openldap/ldap.conf
> >
> > Add/change:
> >
> > HOST <YOUR_DCs_FQDN>
> > TLS_CACERT /var/lib/samba/private/tls/cert.pem
> > TLS_REQCERT never
> >
> > Restart Samba and try again.
> >
> > If it still doesn't work, can we see 'log.winbindd'
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from t...