search for: tls_tstream

...-- and my certificates and everything seem to check out. But this week (and with one appliance -- my firewall), I'm finding that maybe 3/20 times the bind will fail for perhaps 10 seconds. During this time, the logs read (for each failure): [2018/09/26 11:05:52.824630, 1] ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been received. I've repointed authentication to a single server (instead of using DNS round robin that apparently didn't work -- different issue), and manually spammed auth tests, which...

Am 18.09.19 um 19:16 schrieb Kris Lou via samba: > More than likely, certificate issues. > > If you use the IP in pfsense, then the Samba certificate needs to have the > IP as the CN. So you suggest to contact the dc via hostname ... googled this query command: # openssl s_client -connect adc1:636 tells me ... CONNECTED(00000003) depth=0 O = Samba Administration, OU = Samba -

Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD worked great already ... Now without a change I get errors and wonder why. I used the IP as "host" and TCP-STARTTLS to port 389 log.samba shows: [2019/09/18 18:38:22.123976, 1] ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been received. [2019/09/18 18:38:22.124027, 1] ../source4/ldap_server/ldap_extended.c:89(ldapsrv_starttls_postprocess_done) ldapsrv_starttls_postprocess_done: accept_tls_loop: tstream_tls_acce...

Hello, I'm having a problem with using TLS in samba 4.1.4. When I try to connect to LDAP of samba 4 there is an error in the logs, which is: [2014/03/18 15:34:12.631262, 1] ../source4/lib/tls/tls_tstream.c:1338(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1338 - A record packet with illegal version was received. Here's the php script that tries to connect to the samba 4: <?php $ldap="samba.domain.com"; $usr="test at domain.com"; $pwd...

...ng seem to check out. > > But this week (and with one appliance -- my firewall), I'm finding that > maybe 3/20 times the bind will fail for perhaps 10 seconds. During this > time, the logs read (for each failure): > > [2018/09/26 11:05:52.824630, 1] > ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) > TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been > received. > > I've repointed authentication to a single server (instead of using DNS > round robin that apparently didn't work -- different issue), and manually &...

...N-Server to auth against the samba-AD > > worked great already ... > > Now without a change I get errors and wonder why. > > I used the IP as "host" and TCP-STARTTLS to port 389 > > log.samba shows: > > [2019/09/18 18:38:22.123976, 1] > ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) > TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been > received. > [2019/09/18 18:38:22.124027, 1] > > ../source4/ldap_server/ldap_extended.c:89(ldapsrv_starttls_postprocess_done) > ldapsrv_starttls_postprocess_done: acc...

...chinger via samba: > Am 18.09.19 um 19:28 schrieb Stefan G. Weichinger via samba: > >> So I would have to use "adc1.arbeitsgruppe.mydomain.at" > > Tried that. Doesn't help so far. > > gives: > > [2019/09/18 19:32:07.544332, 1] > ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) > TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been > received. > [2019/09/18 19:32:07.544401, 1] > ../source4/ldap_server/ldap_extended.c:89(ldapsrv_starttls_postprocess_done) > ldapsrv_starttls_postprocess_done: accept_t...

...gt; > But this week (and with one appliance -- my firewall), I'm finding that > > maybe 3/20 times the bind will fail for perhaps 10 seconds. During this > > time, the logs read (for each failure): > > > > [2018/09/26 11:05:52.824630, 1] > > ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) > > TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been > > received. > > > > I've repointed authentication to a single server (instead of using DNS > > round robin that apparently didn't work -- differen...

Greetings, Rowland Penny! >>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >>>> drepl, winbindd, ntp_signd, kcc, dnsupdate >> >> Since "winbindd" is included in this line, shouldn't also "-winbind" >> be there? I think that when you use the normal winbind you must >> disable the internal one. >>

...error code) with: [2011/04/23 14:31:29, 3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2011/04/23 14:31:29, 3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2011/04/23 14:31:29, 1] ../source4/lib/tls/tls_tstream.c:542(tstream_tls_retry_read) TLS ../source4/lib/tls/tls_tstream.c:542 - A record packet with illegal version was received. [2011/04/23 14:31:29, 3] ../source4/smbd/service_stream.c:62(stream_terminate_connection) Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv...

Hai,   Im seeing the following..    [2016/04/15 09:57:55.135038,  0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server)   Invalid permissions on TLS private key file 'server.key.pem':   owner uid 0 should be 0, mode 0440 should be 0600   This is known as CVE-2013-4476.   It there anyway to override this setting?  I do need 0440 here.  ( or 0400 ) 0600 is not needed im...

...; > [3605/4085] Linking default/source4/auth/kerberos/libauthkrb5-samba4.so > > default/source4/lib/tls/tls_1.o: In function `tls_init_client': > > tls.c:(.text+0x1846): undefined reference to > > `gnutls_certificate_type_set_priority' > > default/source4/lib/tls/tls_tstream_1.o: In function > > `_tstream_tls_connect_send': > > tls_tstream.c:(.text+0x2014): undefined reference to > > `gnutls_certificate_type_set_priority' > > collect2: error: ld returned 1 exit status > > Waf: Leaving directory `/home/caesar/Downloads/samba-4.2.1...

...ndex.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC That's the strange part. I have set up using TLS certificate (Lets Encrypt) as recommended in guide. When I do # ldbsearch -U Administrator --password='[password]' -H ldaps://dc.ad-lan.com:636 I get TLS ../source4/lib/tls/tls_tstream.c:1609 - check failed for verify_peer[ca_only] and peer_name[dc.ad-lan.com] status 0x42 (invalid signer_not_found ) Failed to connect to ldap URL 'ldaps://dc.ad-lan.com:636' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldaps://dc.ad-lan.com:636'...

Hi Samba 4 git from 1 hour ago. openSUSE 12.1 make fails: [ 976/3909] Compiling source4/lib/tls/tls.c ../source4/lib/tls/tls.c: In function ?tls_init_server?: ../source4/lib/tls/tls.c:508:2: error: implicit declaration of function ?gnutls_transport_set_lowat? [-Werror=implicit-function-declaration] ../source4/lib/tls/tls.c: In function ?tls_init_client?: ../source4/lib/tls/tls.c:569:2:

Also: -H ldap://10.100.0.4 should probably be ldaps://URI You can potentially this in smb.conf, but that is definitely not recommended. https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Kris Lou klou at themusiclink.net On Wed, Sep 5, 2018 at 2:10 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 05 Sep 2018 15:46:04 +0700