similar to: LDAP problem

Hello Vinicius, I did it and this was the answer: ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*********' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br" -d1 ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636) ldap_create ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636/??base) ldap_sasl_bind

Hello everyone, I'm using Samba4 in my CentOS server, and it was just fine. I could always use ldap commands like 'ldapsearch' and 'ldapadd' and I had no problem. But one day, I don't know why, I couldn't use more ldapsearch or ldapadd. They return this: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) I'm using the same command as always, like:

Hello Brian, Sorry to my late answer, I did what you suggest previously This error suggests a problem with your certificate. If it used to work previously, then check it hasn't expired. openssl s_client -connect devsamba.lucas.ufes.br:636 copy-paste the certificate into a pem file, including begin/end lines openssl x509 -in mycert.pem -noout -enddate And check your root CA

Sorry, am not used to a list that has real sender addresses? Samba is configured with internal DNS. # /etc/krb5.conf [libdefaults] default_realm = SAMDOM.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true # /etc/ldap/ldap.conf? TLS_CACERT /etc/ssl/certs/ca-certificates.crt TLS_REQCERT allow # /etc/resolv.conf domain samdom.example.com search samdom.example.com nameserver

Hi, I have modified my /etc/ldap/ldap.conf cat /etc/ldap/ldap.conf #TLS_REQCERT HARD TLS_REQCERT ALLOW TLS_CACERT /etc/ssl/certs/msadmaster.pem After above changes net ads is succesfull with ssl/tls I have verified at Windows AD DC end that TLS is being used for communication with the help of wireshark. Though i am not sure what is impact of changing TLS_REQCERT to ALLOW from HARD

Hello Marc, Thanks for your documentation. Well I followed what you wrote, perhaps my wbinfo command fails when I try to test the connectivity. # wbinfo --ping-dc checking the NETLOGON dc connection failed failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE Could not ping our DC My smb.conf is now this: # Global parameters [global] netbios name = DEVLUCAS1 realm =

It works now for all my web apps ! If you have a AC.pem, juste rename in AC.crt (update-ca-certificates recognizes only crt files, man update-ca-certificates) Thank you Louis. Le 11/05/2016 10:45, L.P.H. van Belle a écrit : > I dont know LTB or what it exact is, but > > Add in /etc/ldap/ldap.conf > TLS_REQCERT allow > > Setup your own "rootCA" like this. > ( if not

Rowland, I looked at Samba wiki, but it doesn't helped me as I wanted, maybe I'm doing something wrong. This is what I tried to do: yum install pam* ./configure.developer --with-pam make && make install ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 modified my nsswitch.conf passwd:

Hai, If its really Debian 9, then i dont think, this is not going to work. >> /etc/openldap/ldap.conf I suggest the following. apt-get install ca-certificates mkdir -p /usr/local/share/ca-certificates/samba-ad-dc ln -s /var/lib/samba/private/tls/cert.pem /usr/local/share/ca-certificates/samba-ad-dc/samba.crt update-ca-certificates /etc/ldap/ldap.conf BASE dc=some,dc=dom,dc=tld URI

Hello! You can now change the password for the User when even this expired password or "next logon"? PS: With the active account, was already working the password change. Hug. Em 11-05-2016 07:17, Charles-Henri Falconnet escreveu: > It works now for all my web apps ! > If you have a AC.pem, juste rename in AC.crt (update-ca-certificates > recognizes only crt files, man

I dont know LTB or what it exact is, but Add in /etc/ldap/ldap.conf TLS_REQCERT allow Setup your own "rootCA" like this. ( if not done, apt-get install ca-certificates ) mkdir -p /usr/local/share/ca-certificates/chrono mv /etc/ssl/ca_chrono-dom.lan.pem /usr/local/share/ca-certificates/chrono update-ca-certificates ! MUST BE /usr/local/share/ca-certificates else its not picked up

On 15/08/2019 14:08, L.P.H. van Belle via samba wrote: > Hai, > > From what i see below. > > kinit that should work, or error in krb5.conf or resolv.conf. > What is the first resolver in resolv.conf and is samba configured with internal DNS or Bind9_DLZ? > > This is in /etc/ldap/ldap.conf > TLS_CACERT????? /etc/ssl/certs/ca-certificates.crt > TLS_REQCERT

Hai, ? From what i see below. ? kinit that should work, or error in krb5.conf or resolv.conf. What is the first resolver in resolv.conf and is samba configured with internal DNS or Bind9_DLZ? ? This is in /etc/ldap/ldap.conf TLS_CACERT????? /etc/ssl/certs/ca-certificates.crt TLS_REQCERT allow ? cp /var/lib/samba/private/krb5.conf /etc/krb5.conf not really needed, but it does not hurt. ?

Hi all! Do you know if there is any R function/package that can be used to estimate "logit" models with panel data and forecasting? Thanks, Moysés. -- Moysés Nascimento Bacharel em Estatística/UFES Mestre em Estatística Aplicada e Biometria/UFV Doutorando em Estatística e Experimentação Agropecuária/UFLA moysesnascim@gmail.com [[alternative HTML version deleted]]

Hi all, My CUPS+Samba printserver authenticates to an OpenLDAP server for Linux clients, and to AD LDAP for Windows clients. However, OpenLDAP and AD started to use different certificate chains, so I need to tell Samba to use different root CA cert when talking to AD DC. In ldap.conf I have tls_reqcert demand tls_cacert /usr/share/ca-certificates/ca-openldap.crt In smb.conf I'm trying to

On 06/08/2019 08:41, Guillaume Couvreur wrote: > Distro : Debian 9 > > log samba and smb??as attachments The log just tells me that samba_dnsupdate needs looking at. ;-) Try this: Add to the [global] section of smb.conf: ldap server require strong auth = allow_sasl_over_tls Now modify/create /etc/openldap/ldap.conf Add/change: HOST <YOUR_DCs_FQDN> TLS_CACERT

I can't find /etc/openldap/ldap.conf Le mar. 6 ao?t 2019 ? 10:16, Rowland penny via samba <samba at lists.samba.org> a ?crit : > On 06/08/2019 08:41, Guillaume Couvreur wrote: > > Distro : Debian 9 > > > > log samba and smb as attachments > > The log just tells me that samba_dnsupdate needs looking at. ;-) > > Try this: > > Add to the [global]

Hi list, Same wish here! I'd like my users to change their password using LTB (great tool) but since 4.2.10 (debian jessie) I lost the connection to samba4. I tried using TLS and port 636 in LTB's config.inc.php with a dedicated user and put the self signed AC from private/tls but it didn't work. Before the upgrade, i was on samba 4.1.17 (debian jessie) and simple bind on port 389

Hi Guys, We are getting the following error when the users are trying to change the password from their windows machine: "Configuration information could not be read from the domain controller, either machine is unavailable or access is denied" Our Samba PDC has LDAP backend. We have the following /etc/ldap/ldap.conf BASE dc=testdomain URI ldap://192.168.1.1 TLS_CACERT

Hi, We're seeing some TLS LDAP related issues in our Samba 4 PDC. Slapd gives the same message with SSL turned on and off in smb.conf slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol) Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled) Active: active (running) since Tue 2018-04-03 14:54:38 AEST; 4min 12s ago Apr 03 14:54:37 mypdc