Displaying 20 results from an estimated 9000 matches similar to: "ldap start_tls to microsoft active directory"
2015 Feb 10
0
ldap start_tls to microsoft active directory
Andrew,
Thanks for the pointers about looking into the ldap client libs. I think
I've found a situation where tls connections to the AD server on port
389 have trouble.
I've added the CA cert to ldap.conf, and to the ca_root_nss file on this
system.
First what works:
1. ldapsearch commands with -Z to force use of tls (configured in
/usr/local/etc/ldap.conf)
2. ssl connections with
2015 Jan 29
0
ldap start_tls to microsoft active directory
On Wed, 2015-01-28 at 10:11 -0600, Russell Poyner wrote:
> I have 20+ freebsd 10 samba 4 servers joined to our local microsoft
> active directory. At the moment things work well enough. However the
> windows administrator wants to tighten his AD security by requiring tls
> encrypted ldap.
>
> When I add:
> ldap ssl = start_tls
> ldap ssl ads = yes
> cldap port = 389
2013 Dec 07
2
pigeonhole openssl s_client
Hi!
I'm trying to get information about a server certificate from a
pigeonhole sieve server.
Various connection attempts show only "wrong version number" or "unknown
protocol" errors from openssl:
$ openssl s_client -connect example.com:4190 { -tls1, -tls1_1, -tls1_2 } [ -starttls { imap, pop3 } ]
None of these work. I'm trying to see who signed the server cert. How
2015 May 02
2
LDAPS Configuration
Hi,
I'm trying to convert my LDAP server into a LDAPS server to secure the
users logins, but I don't know what's the procedure to do it. Someone knows
any guide to do it?
For now:
- I've created a CA cert on the server
- I've created the cert and key for the domain pdc
- I've signed that cert with CA cert.
- I've followed the post in samba wiki about
2016 Apr 22
0
ldap start_tls to microsoft active directory
I've encountered exact same issue as in this thread below, but I cannot
figure out what the solution is
https://lists.samba.org/archive/samba/2015-February/189012.html
In short, my Samba 4.1.22 used to be a member of the domain, with these
ldap ssl settings in the config:
ldap ssl = start tls
ldap ssl ads = Yes
I've updated it to 4.3.8, and it now cannot talk to the domain, it shows
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Hi all,
Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4.
I am using the following:
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
With a self-signed cert.
But when I remote connect from another host using:
openssl s_client -showcerts -connect samba4-dc:636 -ssl3
I get a successful
2015 Jul 27
2
LMPT SSL
Hello,
I tryed to eneble TLS connection from postfix to dovecot lmtp.
Unfortunely I have problem with certificate, postfix shows,
2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS
connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
I checked certs by openssl s_client:
#openssl s_client -connect
2015 Mar 15
2
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Hello,
I came across a strange problem with my Dovecot 2.1.7 installation
(updated Debian Wheezy) in regards to SSL/TLS connections.
My configuration is as follows:
$ dovecot -n | grep ssl
service imap-login {
ssl = yes
...
}
ssl_cert = <......
ssl_cipher_list =
2014 Oct 19
3
Dovecote 1.2.17 poodle
Hi, how do I protect dovecot 1.2.17 against poodle?
Br
/Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>
2019 Dec 27
1
Disabling TLS 1.1 in Centos 7 cockpit
Sure did!
I am even playing with different options (including NONE) and it seems
to ignore the contents of ssl.conf
I have tried
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA:
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA
Environment=G_TLS_GNUTLS_PRIORITY=PFS
2002 Aug 22
1
Samba 2.2.5 and LDAP start_tls
Hi,
I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl = start_tls.
I've already patched the file pdb_ldap.c and configure.in and run autconf (as
described in the Samba-LDAP-PDC howto).
However, doing a rpcclient servername -U root%password -c "enumprinters" shows
this in the log:
[2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
Failed to
2016 Jan 05
6
Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")
I know this is something which should have a simple fix but I'm failing
to see it somehow.
I'm moving samba service between a couple of FreeBSD systems (9.3 to
10.2), and I'm stuck on getting samba on the new machine to connect to
our openldap server over ssl - frustrating since I've been running
samba+ldap for 15 years or so; feel sure I'm missing something basic!
2019 May 29
2
TLS 1.2 Support Samba-AD
Hi,
Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give more
details on its configuration?
Regards,
Ananth
2014 Apr 21
2
TLS and intermediate CA
I have been trying to get set of libvirtd system up and running. My PKI
infrastructure involves a root CA and several intermediate CAs. I am trying
to get the machines to trust each other across the different intermediate
CAs.
This is what I have so far:
Libvirtd is starting and listening on tls port 16514 I have configured
client/server certs/keys and it seems to be using all of these
2005 Jul 24
1
logon drive, ldap ssl = start_tls, ssh and client/server encryption (and logon.bat permission tip)
Dear list,
More questions on my PDC travels ;-)
1. Is it ok, with roaming profiles on, to leave "logon drive = "
empty, as this drive seems to be confusing users?
2. All my ldap stuff is using tls, and I just want to confirm that
"ldap ssl = start_tls" is looking in /etc/ldap.conf for certificate
locations etc.?
3. Is all traffic between Windows clients and the Samba
2013 May 18
1
How to configure ssl cert chain in dovecot 10-ssl.conf file
Hi there,
Does anyone know how to do this:
"Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is:
Dovecot's public certificate
TDC SSL Server CA
TDC Internet Root CA
Globalsign Partners CA "
I try to set these parameters in the conf.d/10-ssl.conf as below, but it seems doesn't work.
---
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can
2016 Mar 09
2
Client-initiated secure renegotiation
On 09/03/16 10:44, Florent B wrote:
> Hi,
>
> I don't see any SSL configuration option in Dovecot to disable
> "Client-initiated secure renegotiation".
>
> It is advised to disable it as it can cause DDoS (CVE-2011-1473).
>
> Is it possible to have this possibility through an SSL option or other ?
>
> Thank you.
>
> Florent
ssl_protocols = !SSLv3
2018 Feb 19
2
UID GID mapping with sssd no longer supported on samba 4.7.4?
I'm struggling with a permission problem on a samba server that is
configured to resolve unix uids and gids via nss using sssd. This mostly
works. The windows side sees files as being owned by SID=S-1-22-<unix
uid of user> and the group is SID=S-1-22-<unix gid of group>
This all works fine for files owned by the windows user, or files that
are world readable, but fails for
2016 Nov 10
2
service doveadm : ssl problems
Hello,
I'm using dovecot 2.2.13 on Debian stable.
My users are authenticated through PAM, and stored in an LDAP backend
I'm trying to set-up replication with ssl, following (mainly) this : http://wiki2.dovecot.org/Replication
1) I only diverted from the instructed setup by not setting "doveadm_port = 12345", as it would give me errors of the like:
> Fatal: