search for: zebrose

...s in NULL credentials to specify default logged-in user. If Negotiate package is not installed on server or client, this will fall back to Sicily negotiation. On Fri, Oct 30, 2020 at 1:57 PM Andrew Bartlett via samba < samba at lists.samba.org> wrote: > On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba wrote: > > > Samba 4.13 recently removed this support. > > > The issue is that while it was possible to use LDAPS in some > > > situations, it was not possible to reliably determine the hostname > > > to verify the TLS certificate, rendering th...

I have a Samba file server attempting to join an Active Directory domain using "$net ads join". The Domain Controller is running Windows Server 2019. I'd like to force samba to use port 636 (LDAPS) when making the LDAP connection. I've tried several settings in the smb.conf file, but when I check the LDAP packets, samba is still using port 389. The join domain call is successful,

> Samba 4.13 recently removed this support. > The issue is that while it was possible to use LDAPS in some situations, it was not possible to reliably determine the hostname to verify the TLS certificate, rendering the protection moot. > Furthermore, extensive work would have been required to fully implement the 'channel bindings' required to tie the Kerberos authentication Samba

On Thu, 2020-10-29 at 22:15 +0000, Zebrose, Cordell via samba wrote: > I have a Samba file server attempting to join an Active Directory > domain using "$net ads join". The Domain Controller is running > Windows Server 2019. I'd like to force samba to use port 636 (LDAPS) > when making the LDAP connection. I've...

On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba wrote: > > Samba 4.13 recently removed this support. > > The issue is that while it was possible to use LDAPS in some > > situations, it was not possible to reliably determine the hostname > > to verify the TLS certificate, rendering the protection moot....

...r or client, this > will fall back to Sicily negotiation. This is what we use in Samba, Kerberos with a fallback to NTLMv2. Andrew Bartlett > On Fri, Oct 30, 2020 at 1:57 PM Andrew Bartlett via samba < > samba at lists.samba.org> wrote: > > On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba > > wrote: > > > > Samba 4.13 recently removed this support. > > > > The issue is that while it was possible to use LDAPS in some > > > > situations, it was not possible to reliably determine the > > hostname > > > > to...