Displaying 20 results from an estimated 9000 matches similar to: "ldap start_tls to microsoft active directory"
2015 Feb 10
0
ldap start_tls to microsoft active directory
Andrew,
Thanks for the pointers about looking into the ldap client libs. I think
I've found a situation where tls connections to the AD server on port
389 have trouble.
I've added the CA cert to ldap.conf, and to the ca_root_nss file on this
system.
First what works:
1. ldapsearch commands with -Z to force use of tls (configured in
/usr/local/etc/ldap.conf)
2. ssl connections with
2015 Jan 29
0
ldap start_tls to microsoft active directory
On Wed, 2015-01-28 at 10:11 -0600, Russell Poyner wrote:
> I have 20+ freebsd 10 samba 4 servers joined to our local microsoft
> active directory. At the moment things work well enough. However the
> windows administrator wants to tighten his AD security by requiring tls
> encrypted ldap.
>
> When I add:
> ldap ssl = start_tls
> ldap ssl ads = yes
> cldap port = 389
2013 Dec 07
2
pigeonhole openssl s_client
Hi!
I'm trying to get information about a server certificate from a
pigeonhole sieve server.
Various connection attempts show only "wrong version number" or "unknown
protocol" errors from openssl:
$ openssl s_client -connect example.com:4190 { -tls1, -tls1_1, -tls1_2 } [ -starttls { imap, pop3 } ]
None of these work. I'm trying to see who signed the server cert. How
2015 May 02
2
LDAPS Configuration
Hi,
I'm trying to convert my LDAP server into an LDAPS server to secure the
users' logins, but I don't know what the procedure is to do it. Does anyone know
of any guide to do it?
For now:
- I've created a CA cert on the server
- I've created the cert and key for the domain pdc
- I've signed that cert with CA cert.
- I've followed the post in samba wiki about
2016 Apr 22
0
ldap start_tls to microsoft active directory
I've encountered the exact same issue as in this thread below, but I cannot
figure out what the solution is
https://lists.samba.org/archive/samba/2015-February/189012.html
In short, my Samba 4.1.22 used to be a member of the domain, with these
ldap ssl settings in the config:
ldap ssl = start tls
ldap ssl ads = Yes
I've updated it to 4.3.8, and it now cannot talk to the domain, it shows
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Hi all,
Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4.
I am using the following:
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
With a self-signed cert.
But when I remote connect from another host using:
openssl s_client -showcerts -connect samba4-dc:636 -ssl3
I get a successful
2015 Jul 27
2
LMPT SSL
Hello,
I tried to enable a TLS connection from postfix to dovecot lmtp.
Unfortunately I have a problem with the certificate, postfix shows,
2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS
connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
I checked certs by openssl s_client:
#openssl s_client -connect
2015 Mar 15
2
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Hello,
I came across a strange problem with my Dovecot 2.1.7 installation
(updated Debian Wheezy) in regards to SSL/TLS connections.
My configuration is as follows:
$ dovecot -n | grep ssl
service imap-login {
ssl = yes
...
}
ssl_cert = <......
ssl_cipher_list =
2014 Oct 19
3
Dovecote 1.2.17 poodle
Hi, how do I protect dovecot 1.2.17 against poodle?
Br
/Marc
2019 Dec 27
1
Disabling TLS 1.1 in Centos 7 cockpit
Sure did!
I am even playing with different options (including NONE) and it seems
to ignore the contents of ssl.conf
I have tried
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA:
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA
Environment=G_TLS_GNUTLS_PRIORITY=PFS
2002 Aug 22
1
Samba 2.2.5 and LDAP start_tls
Hi,
I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl = start_tls.
I've already patched the file pdb_ldap.c and configure.in and run autoconf (as
described in the Samba-LDAP-PDC howto).
However, doing a rpcclient servername -U root%password -c "enumprinters" shows
this in the log:
[2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
Failed to
2016 Jan 05
6
Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")
I know this is something which should have a simple fix but I'm failing
to see it somehow.
I'm moving samba service between a couple of FreeBSD systems (9.3 to
10.2), and I'm stuck on getting samba on the new machine to connect to
our openldap server over ssl - frustrating since I've been running
samba+ldap for 15 years or so; feel sure I'm missing something basic!
2019 May 29
2
TLS 1.2 Support Samba-AD
Hi,
Does Samba-AD support TLS 1.2 for LDAPS? If yes, can someone give more
details on its configuration?
Regards,
Ananth
2014 Apr 21
2
TLS and intermediate CA
I have been trying to get set of libvirtd system up and running. My PKI
infrastructure involves a root CA and several intermediate CAs. I am trying
to get the machines to trust each other across the different intermediate
CAs.
This is what I have so far:
Libvirtd is starting and listening on tls port 16514 I have configured
client/server certs/keys and it seems to be using all of these
2005 Jul 24
1
logon drive, ldap ssl = start_tls, ssh and client/server encryption (and logon.bat permission tip)
Dear list,
More questions on my PDC travels ;-)
1. Is it ok, with roaming profiles on, to leave "logon drive = "
empty, as this drive seems to be confusing users?
2. All my ldap stuff is using tls, and I just want to confirm that
"ldap ssl = start_tls" is looking in /etc/ldap.conf for certificate
locations etc.?
3. Is all traffic between Windows clients and the Samba
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can
2013 May 18
1
How to configure ssl cert chain in dovecot 10-ssl.conf file
Hi there,
Does anyone know how to do this:
"Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is:
Dovecot's public certificate
TDC SSL Server CA
TDC Internet Root CA
Globalsign Partners CA "
I try to set these parameters in the conf.d/10-ssl.conf as below, but it doesn't seem to work.
---
2016 Mar 09
2
Client-initiated secure renegotiation
On 09/03/16 10:44, Florent B wrote:
> Hi,
>
> I don't see any SSL configuration option in Dovecot to disable
> "Client-initiated secure renegotiation".
>
> It is advised to disable it as it can cause DDoS (CVE-2011-1473).
>
> Is it possible to have this possibility through an SSL option or other ?
>
> Thank you.
>
> Florent
ssl_protocols = !SSLv3
2018 Feb 19
2
UID GID mapping with sssd no longer supported on samba 4.7.4?
I'm struggling with a permission problem on a samba server that is
configured to resolve unix uids and gids via nss using sssd. This mostly
works. The windows side sees files as being owned by SID=S-1-22-<unix
uid of user> and the group is SID=S-1-22-<unix gid of group>
This all works fine for files owned by the windows user, or files that
are world readable, but fails for
2016 Nov 10
2
service doveadm : ssl problems
Hello,
I'm using dovecot 2.2.13 on Debian stable.
My users are authenticated through PAM, and stored in an LDAP backend
I'm trying to set-up replication with ssl, following (mainly) this : http://wiki2.dovecot.org/Replication
1) I only diverted from the instructed setup by not setting "doveadm_port = 12345", as it would give me errors of the like:
> Fatal: