similar to: Centos 7 Samba4 SSL/TLS Support?

No I don't have a AD. This only apply to AD environment only? In our case we are a NT4 style, samba4 can talk to a ldap over ssl them? thanks. On Tue, Apr 18, 2017 at 10:31 AM, Rowland Penny <rpenny at samba.org> wrote: > On Tue, 18 Apr 2017 10:21:33 -0700 > Alberto Moreno via samba <samba at lists.samba.org> wrote: > > > Hi. > > > > Following this

Hello, I just configured a three-site DCs setup with Samba 4.6.0, and replication worked great. But then I added a custom cert to one of the DCs to authenticate various apps against it. I used this wiki https://wiki.samba.org/index. php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Now I can authenticate my apps over LDAPS against my DC, but broke replication. How do I need to configure

Hi, after a successfully migrating my NT4 with OpenLDAP to a Samba4 AD...I got a problem. Like in the sambawiki tutorial (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC) I tried to configure LDAPS. I used the auto-configured certs. They are located in "/var/lib/samba/private/tls". My smb.conf: # Global parameters [global] netbios name = PDC

On Sat, 2017-03-11 at 13:39 +1300, Andrew Bartlett via samba wrote: > On Fri, 2017-03-10 at 16:17 -0600, Mircea Husz via samba wrote: > > > > Hello, > > > > I just configured a three-site DCs setup with Samba 4.6.0, and > > replication worked great. > > But then I added a custom cert to one of the DCs to authenticate > > various apps against it. I

Also: -H ldap://10.100.0.4 should probably be ldaps://URI You can potentially this in smb.conf, but that is definitely not recommended. https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Kris Lou klou at themusiclink.net On Wed, Sep 5, 2018 at 2:10 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 05 Sep 2018 15:46:04 +0700

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC <https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> > On Sep 3, 2016, at 7:59 AM, Fosiul Alam via samba <samba at lists.samba.org> wrote: > > Hi Both > Thanks > > from Samba4 side i need this help, I can see that sshd has this option, can > you

I am currently NOT using SSL on my Samba domain. While reading "Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC" and thinking about implementing. I'm having trouble "getting my head" around what certificates go where. Simply put, I am not clear as to generating certificates on the clients and then copy which files to to the server or vice versa? What happens when

My customer complain that in the AD DC they see the following insecure communication coming from the Samba server (DC member): "The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection." So Samba does an insecure LDAP bind and

Hi everyone, I have a basic SAMBA setup with a main AD DC ad1 and a backup AD DC ad2, running on Samba 4.5.16-Debian on Raspbian. I would now like to enable LDAPS so my users can authenticate in other non Samba services using Active Directory. From reading the documentation here: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC I understand that for the most

Hi All, This Samba release changelog (https://wiki.samba.org/index.php/Updating_Samba#Incorrect_TLS_File_Permissions) specifically mentions a security issue and that that the multiple *.pem files needed for LDAP via TLS all need "special permissions" - and mentions to delete old files without the required permissions to force file renewal. Yet in the official Samba documentation

Hi, Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give more details on its configuration? Regards, Ananth

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

Hello, is there any documented procedure to configure a samba domain member (AD windows domain) to use LDAPS instead of LDAP Thanks Andrea

On 4/17/2018 3:56 AM, Marco Gaiarin via samba wrote: > Mandi! lingpanda101 via samba > In chel di` si favelave... > >>     When using a custom self-signed certificate, what is the appropriate >> value for 'tls verify peer ='? > ...AFAIk the same for every certificates; the CA's certificates have to > be in ''central store'', or have to be

I have OpenSSL forgenrate the CA root file in my server and work fine. My question is, ?howto i say to Samba (configuration) for work with CA certificates? . I dont find information about this. Thanks. Saludos. --- Miguel El mar., 10 nov. 2020 a las 15:22, S?rgio Basto (<sergio at serjux.com>) escribi?: > On Tue, 2020-11-10 at 14:48 -0300, Miguel Angel Coa M. via samba wrote: >

The wiki has a page https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC that discusses LDAPS but I am going to assume this only applies if using Samba as a domain controller? I also see there is a setting for "tls enabled" in the smb.conf file as well along with some other settings for configuring TLS. Can/should any of these be used when using

Le 06/08/2020 ? 17:43, Nick Howitt via samba a ?crit?: > If I were guessing, based on some experience with certificate usage in > other apps, concatenate your certificate and intermediate certificates > into a single file which is then your "tls certfile" then point "tls > cafile" to your issuers proper CA or just to your distro's CA bundle, > e.g

Hi, I'm trying to convert my LDAP server into a LDAPS server to secure the users logins, but I don't know what's the procedure to do it. Someone knows any guide to do it? For now: - I've created a CA cert on the server - I've created the cert and key for the domain pdc - I've signed that cert with CA cert. - I've followed the post in samba wiki about

Comments inline > -----Oorspronkelijk bericht----- > Van: lingpanda101 [mailto:lingpanda101 at gmail.com] > Verzonden: dinsdag 22 november 2016 15:32 > Aan: L.P.H. van Belle; samba at lists.samba.org > Onderwerp: Re: [Samba] Reverse zones fail with secure updates > > Hi Louis, > > Comments inline > > On 11/22/2016 3:38 AM, L.P.H. van Belle via samba

Any ideas? On Mon, May 29, 2017 at 2:41 PM, Alberto Moreno <portsbsd at gmail.com> wrote: > This is really critic, If some one could give support by remote ($$$) > great. > > On Mon, May 29, 2017 at 2:40 PM, Alberto Moreno <portsbsd at gmail.com> > wrote: > >> What info could help? >> Centos 6 is still not EOL yet (2020 right?). >> >> On