Displaying 20 results from an estimated 11000 matches similar to: "Is "tls cafile" ignored when ldap.conf is present?"
2016 May 11
0
Change Password after expired
It works now for all my web apps !
If you have an AC.pem, just rename it to AC.crt (update-ca-certificates
recognizes only crt files, man update-ca-certificates)
Thank you Louis.
On 11/05/2016 10:45, L.P.H. van Belle wrote:
> I don't know LTB or what exactly it is, but
>
> Add in /etc/ldap/ldap.conf
> TLS_REQCERT allow
>
> Setup your own "rootCA" like this.
> ( if not
2016 May 11
1
Change Password after expired
Hello!
You can now change the password for the user even when the password is
expired or set to "next logon"?
PS: With an active account, the password change was already working.
Hug.
On 11-05-2016 07:17, Charles-Henri Falconnet wrote:
> It works now for all my web apps !
> If you have an AC.pem, just rename it to AC.crt (update-ca-certificates
> recognizes only crt files, man
2016 May 11
2
Change Password after expired
I don't know LTB or what exactly it is, but
Add in /etc/ldap/ldap.conf
TLS_REQCERT allow
Setup your own "rootCA" like this.
( if not done, apt-get install ca-certificates )
mkdir -p /usr/local/share/ca-certificates/chrono
mv /etc/ssl/ca_chrono-dom.lan.pem /usr/local/share/ca-certificates/chrono
update-ca-certificates
! MUST BE /usr/local/share/ca-certificates else it's not picked up
2017 Feb 13
1
LDAP problem
Hello Rowland,
You shouldn't use 'ldaps' and ':636', in fact you shouldn't use ':636'
at all.
OK, mini-howto coming up ;-)
The DC is dc1.samdom.example.com
The AD domain DN is dc=samdom,dc=example,dc=com
There is this line in the DC smb.conf: tls certfile = tls/cert.pem
The reverse DNS zone has been created and is operational
The client is
2016 May 11
1
Change Password after expired
Hi list,
Same wish here!
I'd like my users to change their password using LTB (great tool) but
since 4.2.10 (debian jessie) I lost the connection to samba4.
I tried using TLS and port 636 in LTB's config.inc.php with a dedicated
user and put the self signed AC from private/tls but it didn't work.
Before the upgrade, I was on samba 4.1.17 (debian jessie) and simple
bind on port 389
2019 Apr 09
0
Possible incorrect file permissions in documentation for setting up Samba with LDAP(S)?
Hai,
Please note, this is how I set up, which is not related to the samba wiki.
This is what I currently see on my DC, these were created in 2015 and I'm NOT using these.
/var/lib/samba/private/tls# ls -al
total 20
drwx------ 2 root root 4096 Apr 28 2015 .
drwxr-xr-x 7 root root 4096 Apr 9 13:06 ..
-rw-r--r-- 1 root root 997 Apr 28 2015 ca.pem
-rw-r--r-- 1 root root 997 Apr 28 2015
2020 Aug 07
0
Problem with intermediate certificate (tls cafile)
On Thu, August 6, 2020 11:36, MAS Jean-Louis wrote:
> Nobody has any clues about the tls cafile ?
>
> Regards
>
> On 04/08/2020 at 15:18, MAS Jean-Louis via samba wrote:
>> I have several samba servers on Debian 10 all using :
>>
>> samba 2:4.9.5+dfsg-5+deb10u1 amd64
>>
>> I use tls cafile, tls certfile and tls keyfile with certificates
2020 Aug 10
0
[Solved] Problem with intermediate certificate (tls cafile)
On 06/08/2020 at 17:43, Nick Howitt via samba wrote:
> If I were guessing, based on some experience with certificate usage in
> other apps, concatenate your certificate and intermediate certificates
> into a single file which is then your "tls certfile" then point "tls
> cafile" to your issuers proper CA or just to your distro's CA bundle,
> e.g
2020 Aug 06
0
Problem with intermediate certificate (tls cafile)
Nobody has any clues about the tls cafile ?
Regards
On 04/08/2020 at 15:18, MAS Jean-Louis via samba wrote:
> I have several samba servers on Debian 10 all using :
>
> samba 2:4.9.5+dfsg-5+deb10u1 amd64
>
> I use tls cafile, tls certfile and tls keyfile with certificates from
> Sectigo (https://cert-manager.com)
>
> And when checking my connexion from the
2018 Apr 03
0
LDAP TLS error
Hi,
We're seeing some TLS LDAP related issues in our Samba 4 PDC.
Slapd gives the same message with SSL turned on and off in smb.conf
slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled)
Active: active (running) since Tue 2018-04-03 14:54:38 AEST; 4min 12s ago
Apr 03 14:54:37 mypdc
2007 May 22
1
dovecot + ldap tls
hi...
I'm trying to have a secure connection between dovecot and directory server, but
I can't do it. The documentation is so poor (
http://wiki.dovecot.org/AuthDatabase/LDAP)
these are my configuration files:
(pre: I have a directory server accepting secure connections (port 389 via
TLS and port 636 via SSL).
File "/opt/csw/etc/dovecot-ldap.conf":
hosts=100.0.4.98
dn =
2019 Aug 15
2
Failing to join existing AD as DC
Sorry, am not used to a list that has real sender addresses?
Samba is configured with internal DNS.
# /etc/krb5.conf
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
# /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
# /etc/resolv.conf
domain samdom.example.com
search samdom.example.com
nameserver
2020 Aug 06
4
Problem with intermediate certificate (tls cafile)
If I were guessing, based on some experience with certificate usage in
other apps, concatenate your certificate and intermediate certificates
into a single file which is then your "tls certfile" then point "tls
cafile" to your issuers proper CA or just to your distro's CA bundle,
e.g /etc/pki/tls/certs/ca-bundle.crt.
Nick
On 06/08/2020 16:36, MAS Jean-Louis via samba
2017 Dec 11
0
samba net ads join windows/ubuntu active directory with ldap ssl
Hi,
I have modified my /etc/ldap/ldap.conf
cat /etc/ldap/ldap.conf
#TLS_REQCERT HARD
TLS_REQCERT ALLOW
TLS_CACERT /etc/ssl/certs/msadmaster.pem
After the above changes net ads is successful with ssl/tls
I have verified at Windows AD DC end that TLS is being used for
communication with the help of wireshark.
Though I am not sure what the impact is of changing TLS_REQCERT to ALLOW from
HARD
2006 Jul 18
1
Weird statup probems TLS & SSL openldap and samba 3.0.23
Hello,
I am kind of confused with this situation. I am attempting to build a
PDC using TLS/SSL with the following version of software.
Samba 3.0.23
OpenLDAP 2.3.19
Fedora Core 5
When I startup the Samba server via the "service" command (service smb
start) I get the following errors in my logs.
Using SSL:
Jul 13 09:52:34 prism smbd[23161]: smbldap_search_suffix: Problem
during
2018 Jul 20
0
autogenerated self-signed certificate problem
You missing or :
Smb.conf
tls cafile = tls/ca.pem
And/or ( showing the Debian steps ), the CA is missing in ca-certificates.crt
In : /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Steps to do.
mkdir /usr/local/share/ca-certificates/personal-cert
Put the root in that folder.
Run : update-ca-certificates
You need to install ca-certificates first.
apt install
2019 Aug 06
1
Configuration help
Hai,
If it's really Debian 9, then I don't think, this is not going to work. >> /etc/openldap/ldap.conf
I suggest the following.
apt-get install ca-certificates
mkdir -p /usr/local/share/ca-certificates/samba-ad-dc
ln -s /var/lib/samba/private/tls/cert.pem /usr/local/share/ca-certificates/samba-ad-dc/samba.crt
update-ca-certificates
/etc/ldap/ldap.conf
BASE dc=some,dc=dom,dc=tld
URI
2017 Feb 03
1
LDAP problem
Hello Vinicius,
I did it and this was the answer:
ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*********' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br" -d1
ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636)
ldap_create
ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636/??base)
ldap_sasl_bind
2020 Aug 04
2
Problem with intermediate certificate (tls cafile)
I have several samba servers on Debian 10 all using :
samba 2:4.9.5+dfsg-5+deb10u1 amd64
I use tls cafile, tls certfile and tls keyfile with certificates from
Sectigo (https://cert-manager.com)
And when checking my connexion from the samba server, or from outside,
I've got "unable to verify the first certificate" even if tls_cafile is
provided in smb.conf.
What is wrong
2013 Aug 05
1
TLS between winbind and openldap
Hi,
I'm working hard to setup winbind and openLDAP work together with TLS
My networks contains:
- a windows server 2008 R2 domain controller
- a debian 6 based file server (openmediavault v0.4) running OpenLDAP
2.4.23 and Samba v3.5.6
- a debian 7 computer running winbind 3.6.6
I want to let OpenLDAP store SID <=> uid/gid mapping to ensure constant uid
and gid for users on all linux