similar to: ldap start_tls to microsoft active directory

Displaying 20 results from an estimated 9000 matches similar to: "ldap start_tls to microsoft active directory"

2015 Feb 10
0
ldap start_tls to microsoft active directory
Andrew, Thanks for the pointers about looking into the ldap client libs. I think I've found a situation where tls connections to the AD server on port 389 have trouble. I've added the CA cert to ldap.conf, and to the ca_root_nss file on this system. First what works: 1. ldapsearch commands with -Z to force use of tls (configured in /usr/local/etc/ldap.conf) 2. ssl connections with
2015 Jan 29
0
ldap start_tls to microsoft active directory
On Wed, 2015-01-28 at 10:11 -0600, Russell Poyner wrote: > I have 20+ freebsd 10 samba 4 servers joined to our local microsoft > active directory. At the moment things work well enough. However the > windows administrator wants to tighten his AD security by requiring tls > encrypted ldap. > > When I add: > ldap ssl = start_tls > ldap ssl ads = yes > cldap port = 389
2013 Dec 07
2
pigeonhole openssl s_client
Hi! I'm trying to get information about a server certificate from a pigeonhole sieve server. Various connection attempts show only "wrong version number" or "unknown protocol" errors from openssl: $ openssl s_client -connect example.com:4190 { -tls1, -tls1_1, -tls1_2 } [ -starttls { imap, pop3 } ] None of these work. I'm trying to see who signed the server cert. How
2015 May 02
2
LDAPS Configuration
Hi, I'm trying to convert my LDAP server into a LDAPS server to secure the users logins, but I don't know what's the procedure to do it. Someone knows any guide to do it? For now: - I've created a CA cert on the server - I've created the cert and key for the domain pdc - I've signed that cert with CA cert. - I've followed the post in samba wiki about
2016 Apr 22
0
ldap start_tls to microsoft active directory
I've encountered exact same issue as in this thread below, but I cannot figure out what the solution is https://lists.samba.org/archive/samba/2015-February/189012.html In short, my Samba 4.1.22 used to be a member of the domain, with these ldap ssl settings in the config: ldap ssl = start tls ldap ssl ads = Yes I've updated it to 4.3.8, and it now cannot talk to the domain, it shows
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Hi all, Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4. I am using the following: tls enabled = yes tls keyfile = tls/myKey.pem tls certfile = tls/myCert.pem tls cafile = With a self-signed cert. But when I remote connect from another host using: openssl s_client -showcerts -connect samba4-dc:636 -ssl3 I get a successful
2015 Jul 27
2
LMPT SSL
Hello, I tryed to eneble TLS connection from postfix to dovecot lmtp. Unfortunely I have problem with certificate, postfix shows, 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I checked certs by openssl s_client: #openssl s_client -connect
2015 Mar 15
2
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Hello, I came across a strange problem with my Dovecot 2.1.7 installation (updated Debian Wheezy) in regards to SSL/TLS connections. My configuration is as follows: $ dovecot -n | grep ssl service imap-login { ssl = yes ... } ssl_cert = <...... ssl_cipher_list =
2014 Oct 19
3
Dovecote 1.2.17 poodle
Hi, how do I protect dovecot 1.2.17 against poodle? Br /Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>
2019 Dec 27
1
Disabling TLS 1.1 in Centos 7 cockpit
Sure did! I am even playing with different options (including NONE) and it seems to ignore the contents of ssl.conf I have tried Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA: Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA Environment=G_TLS_GNUTLS_PRIORITY=PFS
2002 Aug 22
1
Samba 2.2.5 and LDAP start_tls
Hi, I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl = start_tls. I've already patched the file pdb_ldap.c and configure.in and run autconf (as described in the Samba-LDAP-PDC howto). However, doing a rpcclient servername -U root%password -c "enumprinters" shows this in the log: [2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181) Failed to
2016 Jan 05
6
Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")
I know this is something which should have a simple fix but I'm failing to see it somehow. I'm moving samba service between a couple of FreeBSD systems (9.3 to 10.2), and I'm stuck on getting samba on the new machine to connect to our openldap server over ssl - frustrating since I've been running samba+ldap for 15 years or so; feel sure I'm missing something basic!
2019 May 29
2
TLS 1.2 Support Samba-AD
Hi, Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give more details on its configuration? Regards, Ananth
2014 Apr 21
2
TLS and intermediate CA
I have been trying to get set of libvirtd system up and running. My PKI infrastructure involves a root CA and several intermediate CAs. I am trying to get the machines to trust each other across the different intermediate CAs. This is what I have so far: Libvirtd is starting and listening on tls port 16514 I have configured client/server certs/keys and it seems to be using all of these
2005 Jul 24
1
logon drive, ldap ssl = start_tls, ssh and client/server encryption (and logon.bat permission tip)
Dear list, More questions on my PDC travels ;-) 1. Is it ok, with roaming profiles on, to leave "logon drive = " empty, as this drive seems to be confusing users? 2. All my ldap stuff is using tls, and I just want to confirm that "ldap ssl = start_tls" is looking in /etc/ldap.conf for certificate locations etc.? 3. Is all traffic between Windows clients and the Samba
2013 May 18
1
How to configure ssl cert chain in dovecot 10-ssl.conf file
Hi there, Does anyone know how to do this: "Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is: Dovecot's public certificate TDC SSL Server CA TDC Internet Root CA Globalsign Partners CA " I try to set these parameters in the conf.d/10-ssl.conf as below, but it seems doesn't work. ---
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can
2016 Mar 09
2
Client-initiated secure renegotiation
On 09/03/16 10:44, Florent B wrote: > Hi, > > I don't see any SSL configuration option in Dovecot to disable > "Client-initiated secure renegotiation". > > It is advised to disable it as it can cause DDoS (CVE-2011-1473). > > Is it possible to have this possibility through an SSL option or other ? > > Thank you. > > Florent ssl_protocols = !SSLv3
2018 Feb 19
2
UID GID mapping with sssd no longer supported on samba 4.7.4?
I'm struggling with a permission problem on a samba server that is configured to resolve unix uids and gids via nss using sssd. This mostly works. The windows side sees files as being owned by SID=S-1-22-<unix uid of user> and the group is SID=S-1-22-<unix gid of group> This all works fine for files owned by the windows user, or files that are world readable, but fails for
2016 Nov 10
2
service doveadm : ssl problems
Hello, I'm using dovecot 2.2.13 on Debian stable. My users are authenticated through PAM, and stored in an LDAP backend I'm trying to set-up replication with ssl, following (mainly) this : http://wiki2.dovecot.org/Replication 1) I only diverted from the instructed setup by not setting "doveadm_port = 12345", as it would give me errors of the like: > Fatal: