similar to: LDAP ssl issue on port 636

Hello! Taking advantage of the email, I tried to make an ldap query with tls and I had an error .. Version Samba 4.4.4 samba-tool testparm -v --suppress-prompt|grep tls ldap ssl = start tls tls cafile = tls/ca.pem tls certfile = tls/cert.pem tls crlfile = tls dh params file = tls enabled = Yes tls keyfile = tls/key.pem tls

I'm using a Samba4 ADDC and just noticed that the SSL that was created at install time is about to expire. Is there something Samba specific to create a new certificate, or should I manually create a new one using openssl? Thanks!

Hi all, I'd like to perform some ldapsearch against my AD domain. And I'd like to be able to perform these ldapsearch using GSSAPI to avoid usage of password in scripts. DC are using default configuration file: ---------------------------------------- # Global parameters [global] workgroup = SAMBA.DOMAIN realm = SAMBA.DOMAIN.TLD netbios name = M707 server

Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in

Can somebody tell me what this error means (server, domain etc. changed to protect the innocent)? ldapsearch -H ldap://ldapserv-1.example.com:389 -ZZ -W -D cn=Boss,dc=example,dc=com -b dc=example,dc=com uid=testuser homeDirectory ldap_start_tls: Connect error (-11) additional info: TLS error -8023:A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the

Hello, I'm having a problem with using TLS in samba 4.1.4. When I try to connect to LDAP of samba 4 there is an error in the logs, which is: [2014/03/18 15:34:12.631262, 1] ../source4/lib/tls/tls_tstream.c:1338(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1338 - A record packet with illegal version was received. Here's the php script that tries to connect to

Hi @all, I cannot use this patch in 2.2.5. I patched the source before with parse_sec.patch ldap_start_tls.patch Makefile.in.patch srv_spoolss_nt.patch addform.diff Containes the samba-2.2.5-printing.patch only parts of the above patches? tom

Hello Rowland, ldap search command throws error as below. I am unable to search ldap. ------- ldap_initialize( ldap://dc.exza.local:3268 ) ldap_start_tls: Can't contact LDAP server (-1) Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) ---------- I am using BIND_DLZ dns back end. and server is listening on 3268 and 3269 -- Thanks & Regards, Anantha

Hi, Did this issue get resolved? Can someone tell me how it was resolved and what needs to be done? I am running into the same issue. Thanks, Prakash

On Fri, 2015-04-17 at 10:46 +0200, Luca Olivetti wrote: > El 17/04/15 a les 06:26, Fred Smith ha escrit: > > I'm trying to confirm that LDAP traffic is encrypted on my Samba 4 DC. I > > have read and followed https://wiki.samba.org/index.php/Setup_LDAPS_on_a_DC > > but when I attempt to connect to the DC on port 636 or via ldaps:// or both > > via ldapsearch (linux)

I am running Redhat Linux 9, openldap 2.2.15, Bdb - 4.2.52, openssl - 0.9.7d, smbldap-tools-0.8.5 and samba - 3.0.6. When I try to migrate my users from NT 4 domain to Samba, using the net vampire command, I get the following error: [2004/08/25 14:58:59, 0]Lib/smbldap.c:smbldap_open_connection(623) Failed to issue the StartTLS instruction: Connect error Broken pipe Am I missing

I'm trying to confirm that LDAP traffic is encrypted on my Samba 4 DC. I have read and followed https://wiki.samba.org/index.php/Setup_LDAPS_on_a_DC but when I attempt to connect to the DC on port 636 or via ldaps:// or both via ldapsearch (linux) and ldp (windows) I cannot connect. Failed tests: *ldapsearch -I -H ldaps://dc* ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Hi, We provide DC Host's IP address and port as 3268 and user DN of administrator as CN=Administrator,CN=Users,DC=ktkbank,DC=com and supply password. But proxy reports "unable to connect to directory". However, the Proxy's Content Gateway is a member of AD DC and it uses integrated windows authentication. -- Thanks & Regards, Anantha Raghava DISCLAIMER: This

Hi people, i have a problem with trying ldaps i use autogenerated self-signed certificate, i write in smb this: tls enabled = yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem without cafile when i try to verify with: openssl verify /usr/local/samba/private/tls/myCert.pem it said me unable to verify the first certificate and if add -CApath works! and finally when i try from another

Hi all! I'm very close to have a fully functional samba and openldap. Thanks to idealx.org. I just need to understand how it works. Everything works accept one thing. When I change TLSVerifyClient allow to TLSVerifyClient demand in slapd.conf and do: ldapsearch -x -ZZ -b 'dc=yourdomain,dc=com' '(objectclass=*)' -d 127 in the end I get: ldap_chkResponseList for msgid=2, all=1

I have samba 2.2.5 on RedHat 7.3. I have installed the following patches on samba: Makefile.in.patch ldap_start_tls.patch parse_sec.patch srv_spoolss_nt.patch from ftp://ftp.samba.org/pub/jerry/patches/post-2.2.5 Still experiencing frequent windows nt 4 spooler crashes when installing or removing printers from the samba server. If I disable winbind and the clients login as nobody, the problem

Yohoo! I have some issues with the smartd in CentOS5/x64 I edited the /etc/smartd.conf for my needs and restarted the smartd with "service smartd restart". But the start script is overriding my file. I checked it and saw the following lines: ---------------/etc/init.d/smartd------------ case "$1" in start | reload | restart) GEN_CONF="*SMARTD*AUTOGENERATED*" [ !

Hello, I'm using Samba 4.5.1 as a ADDC and the internal DNS. If I use 'allow dns updates = secure' in my smb.conf. Only A records update. The applicable reverse zone fails to update. If I switch to using non secure updates both the A and the PTR records are updated. Is someone else able to confirm this behavior? Thanks. -- - James

Hi, I have configured dovecot for auth_bind against an LDAP server on the localhost and I'm seeing the following error in my dovecot logs: dovecot: Apr 30 09:03:18 Error: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server dovecot: Apr 30 09:03:27 Error: auth(default): LDAP: ldap_result() failed: Can't contact LDAP server ... and so on ... When I turned on LDAP

Hi Marc, >> The cause is that the password change didn' reach both AD DCs, but only >> one. The other one still had the old value as could be seen by >> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of >> seconds brings them back to sync and Windows logons work as they used to. >> Any idea, what I should do next time to obtain valuable output