similar to: ldap start_tls to microsoft active directory

On Wed, 2015-01-28 at 10:11 -0600, Russell Poyner wrote: > I have 20+ freebsd 10 samba 4 servers joined to our local microsoft > active directory. At the moment things work well enough. However the > windows administrator wants to tighten his AD security by requiring tls > encrypted ldap. > > When I add: > ldap ssl = start_tls > ldap ssl ads = yes > cldap port = 389

Andrew, Thanks for the pointers about looking into the ldap client libs. I think I've found a situation where tls connections to the AD server on port 389 have trouble. I've added the CA cert to ldap.conf, and to the ca_root_nss file on this system. First what works: 1. ldapsearch commands with -Z to force use of tls (configured in /usr/local/etc/ldap.conf) 2. ssl connections with

I have 20+ freebsd 10 samba 4 servers joined to our local microsoft active directory. At the moment things work well enough. However the windows administrator wants to tighten his AD security by requiring tls encrypted ldap. When I add: ldap ssl = start_tls ldap ssl ads = yes cldap port = 389 the net ads commands fail: net ads testjoin Failed to issue the StartTLS instruction: Connect error

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-5370 (Multiple errors in DCE-RPC code) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2113 (Missing TLS certificate

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-5370 (Multiple errors in DCE-RPC code) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2113 (Missing TLS certificate

Hai, Can you post your smb.conf that helps. But you probly forgot to set: ntlm auth = yes and maybe more, a summup: This is the full list: https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) The complete history, have a look at the X.x.0 release notes. https://www.samba.org/samba/history/ For the major differences (new features, etc.) Upgrade samba from a : 4.4.x

You should have looked before upgrading. ... If its an AD-DC. The change to samba AD DC with systemd is: systemctl stop smbd nmbd winbind samba systemctl disable smbd nmbd winbind samba systemctl mask smbd nmbd winbind samba systemctl unmask samba-ad-dc systemctl enable samba-ad-dc systemctl start samba-ad-dc You should not start nmbd smbd winbind for the AD-DC, the

Hello! Taking advantage of the email, I tried to make an ldap query with tls and I had an error .. Version Samba 4.4.4 samba-tool testparm -v --suppress-prompt|grep tls ldap ssl = start tls tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = tls/key.pem tls

Hi, I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl = start_tls. I've already patched the file pdb_ldap.c and configure.in and run autconf (as described in the Samba-LDAP-PDC howto). However, doing a rpcclient servername -U root%password -c "enumprinters" shows this in the log: [2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181) Failed to

> Message: 8 > Date: Mon, 24 Jun 2002 18:13:33 -0500 (CDT) > From: "Gerald (Jerry) Carter" <jerry@samba.org> > To: samba@samba.org > Subject: [Samba] patch for 2.2.5 and check for start_tls with OpenLDAP 2.0.x libs > > This message is in MIME format. The first part should be readable text, > while the remaining parts are likely unreadable without

FYI.... There is a bu in the configure script for 2.2.5 that prevents the script from locating the start_tls function in the OpenLDAP 2.0.x libs. Apply this patch and rerun autoconf. Should fix it. Patches configure.in and passdb/pdb_ldap.c Sorry for the inconvience. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard

Dear list, More questions on my PDC travels ;-) 1. Is it ok, with roaming profiles on, to leave "logon drive = " empty, as this drive seems to be confusing users? 2. All my ldap stuff is using tls, and I just want to confirm that "ldap ssl = start_tls" is looking in /etc/ldap.conf for certificate locations etc.? 3. Is all traffic between Windows clients and the Samba

hi, it seems when dovecot use ldap user and password databases it's not possible to use tls connection and certificate with the ldap connection. wouldn't it be possible to use the same certificate on the ldap connection as used in the ssl_{cert,key}_file parameters in the dovecot conf (or would be possible to use it's own cert in the ldap conf file? yours. -- Levente

Hi, i was the one who had problems with the start_tls function. I applied the patch yesterday. But now the compiling doesn't work anymore. This is what happens : --------snipp---------- [Lots of compiling output cut away] Linking bin/smbd passdb/pdb_ldap.o: In function `pdb_setsampwent': passdb/pdb_ldap.o(.text+0x1730): multiple definition of `pdb_setsampwent'

On Wed, Nov 27, 2024, at 10:56 AM, Greg Troxel via Nut-upsuser wrote: > Dan Langille via Nut-upsuser <nut-upsuser at alioth-lists.debian.net> > writes: > >>> On the website, they say 5.73 pounds (5 lbs 11.6 oz). >>> >>> Two of the batteries were 5 lbs 11 oz. The rest were all 10, 9, or 8 oz. >>> >>> See my bar chart at

On Wed, Jan 06, 2016 at 09:00:30PM +0100, Andreas Maier wrote: > Am 06.01.2016 um 20:35 schrieb Jeremy Allison: > >On Wed, Jan 06, 2016 at 08:33:12PM +0100, Andreas Maier wrote: > >> > >>Jeremy, > >>I checked the WHATSNEW.txt file of 4.3.3 and 4.1.22, but could not > >>find anything that is related to this behavior. > >No, it's a security

Am 06.01.2016 um 20:35 schrieb Jeremy Allison: > On Wed, Jan 06, 2016 at 08:33:12PM +0100, Andreas Maier wrote: >> >> Jeremy, >> I checked the WHATSNEW.txt file of 4.3.3 and 4.1.22, but could not >> find anything that is related to this behavior. > No, it's a security release only. > >> There is a fix for CVE-2015-5252 (Insufficient symlink verification

Dan Langille via Nut-upsuser <nut-upsuser at alioth-lists.debian.net> writes: >> On the website, they say 5.73 pounds (5 lbs 11.6 oz). >> >> Two of the batteries were 5 lbs 11 oz. The rest were all 10, 9, or 8 oz. >> >> See my bar chart at https://bsd.network/web/@dvl/113555334752647203 > > The batteries are all within 3% of the expected weight. Seems

On Wed, Jan 06, 2016 at 08:33:12PM +0100, Andreas Maier wrote: > Am 06.01.2016 um 20:10 schrieb Jeremy Allison: > >On Wed, Jan 06, 2016 at 07:58:32PM +0100, Reindl Harald wrote: > >> > >>Am 06.01.2016 um 19:35 schrieb Andreas Maier: > >>>Am 06.01.2016 um 19:28 schrieb Jeremy Allison: > >>>>Can't reproduce this on latest 4.3.x (and I just

Hi Rowland, thanks for your reply. > I personally would have used 'cache directory =' , see 'man smb.conf' > for the difference. >From description based on man smb.conf I would absolutely agree. I have tried and set the "cache directory" option but still gencache.tdb (and all other files that were moved) left within the /run/samba (lock directory). Never the