Displaying 20 results from an estimated 5000 matches similar to: "Debugging TLS Retry Handshake errors"
2018 Sep 27
1
Debugging TLS Retry Handshake errors
Hi Andrew,
Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my
tests, I'm directly pointed at only 1. And the actual CPU/ memory load is
minimal - ~4%/6GB free.
From the client side, I'm pretty sure my tests are PHP calling
ldap_connect()
<https://github.com/pfsense/pfsense/blob/157aff9e256aa235ba68ccc2168c61fc61e90072/src/etc/inc/auth.inc#L960>
.
2019 Sep 18
2
LDAP bind to AD fails
Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD
worked great already ...
Now without a change I get errors and wonder why.
I used the IP as "host" and TCP-STARTTLS to port 389
log.samba shows:
[2019/09/18 18:38:22.123976, 1]
../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake)
TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert
2018 Sep 27
0
Debugging TLS Retry Handshake errors
On Wed, 2018-09-26 at 11:33 -0700, Kris Lou via samba wrote:
> So, I'm using Samba AD for user authentication by some web appliances,
> using LDAPS over port 636. I've been doing this for quite a while -- and
> my certificates and everything seem to check out.
>
> But this week (and with one appliance -- my firewall), I'm finding that
> maybe 3/20 times the bind
2019 Sep 18
2
LDAP bind to AD fails
On 18.09.19 at 19:16, Kris Lou via samba wrote:
> More than likely, certificate issues.
>
> If you use the IP in pfsense, then the Samba certificate needs to have the
> IP as the CN.
So you suggest to contact the dc via hostname ...
googled this query command:
# openssl s_client -connect adc1:636
tells me ...
CONNECTED(00000003)
depth=0 O = Samba Administration, OU = Samba -
2014 Mar 18
1
A record packet with illegal version was received.
Hello,
I'm having a problem with using TLS in samba 4.1.4. When I try to
connect to LDAP of samba 4 there is an error in the logs, which is:
[2014/03/18 15:34:12.631262, 1]
../source4/lib/tls/tls_tstream.c:1338(tstream_tls_retry_handshake)
TLS ../source4/lib/tls/tls_tstream.c:1338 - A record packet with
illegal version was received.
Here's the php script that tries to connect to
2019 Sep 18
0
LDAP bind to AD fails
More than likely, certificate issues.
If you use the IP in pfsense, then the Samba certificate needs to have the
IP as the CN.
Kris Lou
klou at themusiclink.net
On Wed, Sep 18, 2019 at 9:42 AM Stefan G. Weichinger via samba <
samba at lists.samba.org> wrote:
>
> Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD
>
> worked great already ...
>
>
2018 Sep 05
2
Authenticating against Samba 4 AD LDAP service
Also:
-H ldap://10.100.0.4
should probably be ldaps://URI
You can potentially this in smb.conf, but that is definitely not
recommended.
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
Kris Lou
klou at themusiclink.net
On Wed, Sep 5, 2018 at 2:10 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 05 Sep 2018 15:46:04 +0700
2016 Jul 28
1
Samba 4.2.x requiring TLS authentication
IMHO, in short, learn to use encrypted connections.
2016-07-27 22:38 GMT+02:00 Kris Lou <klou at themusiclink.net>:
> As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html
>
> ===================
> New smb.conf option
> ===================
>
> ldap server require strong auth (G)
>
> The ldap server require strong auth defines whether the
2016 Jul 27
3
Samba 4.2.x requiring TLS authentication
Hi everyone,
I have installed a Samba AD DC version 4.2.11-20 in a Centos 6.7 machine
and joined it in an existing domain. Everything seems working fine except I
can't bind to it using LDAP simple authentication. When I try to perform a
simple ldapsearch I get the following response:
ldap_bind: Strong(er) authentication required (8)
additional info: BindSimple: Transport encryption required.
2018 Sep 19
4
DNS Round Robin not working?
Hi all,
I seem to have run into a case where my DC's aren't being round-robin'ed by
DNS. I've got 3 DC's using Internal DNS, but every time I ping mydomain.com
and check the results (ipconfig /displaydns), it's always in the same order.
The same order appears when I query the DC's directly, individually:
# nslookup mydomain.com 172.23.51.5
Server:
2018 Oct 09
3
Samba server fails to save settings
Hello,
I am trying to add shares by configuring the server through Yast on an
OpenSuse Tumbleweed and KDE desktop on a Dell machine.
The Samba package is version 4.9.1 on a i586 (32-bit) architecture.
After making changes using the Samba Server GUI invoked from Yast I press OK
and come out. But none of the changes are saved.
I would be grateful if someone could help.
Kind regards,
2020 Sep 09
3
Which log file?
I've found that some embedded devices have older CIFS clients, which can
only talk over SMB1. So, you can adjust your server to allow it, or look
for another file transport.
Kris Lou
klou at themusiclink.net
On Wed, Sep 9, 2020 at 3:16 PM Jeremy Allison via samba <
samba at lists.samba.org> wrote:
> On Wed, Sep 09, 2020 at 02:35:28PM -0700, Peter Pollock via samba wrote:
>
2019 Sep 18
2
LDAP bind to AD fails
On 18.09.19 at 19:32, Stefan G. Weichinger via samba wrote:
> On 18.09.19 at 19:28, Stefan G. Weichinger via samba wrote:
>
>> So I would have to use "adc1.arbeitsgruppe.mydomain.at"
>
> Tried that. Doesn't help so far.
>
> gives:
>
> [2019/09/18 19:32:07.544332, 1]
> ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake)
> TLS
2020 Feb 11
3
Failover DC did not work when Main DC failed
On 03/02/2020 18:49, Kris Lou via samba wrote:
>
> From windows:
> echo %logonserver%
\\DC3
> nltest /dsgetdc:<domain>
DC:\\DC3
Address: \\192.168.0.218
Dom Guid: bla bla bla
...
The command completed successfully.
> From a *nix domain member (i.e. client, not DC):
> wbinfo --getdcname=<domain>
> winbind --ping-dc
wbinfo --getdcname=MYDOMAIN
DC3
wbinfo
2016 Jul 15
2
Samba 4.2.14 Internal DNS not returning DNAME records?
I have a bit of an oddity here: I'm using Samba 4.2.14 with AD, using
Samba's internal DNS to serve to my domain (and forwarding others to Google
Public DNS 8.8.8.8).
However, it looks like client queries (and subsequent forwards) to a
vendor's URL (www.pitneybowes.us) fail, but are successful if I query
Google directly:
[root at XXXX~]# nslookup -type=any www.pitneybowes.us
>
2023 Dec 27
1
bind crashes after samba upgrade
On Wed, Dec 27, 2023 at 12:21 PM Sonic <sonicsmith at gmail.com> wrote:
> On Wed, Dec 27, 2023 at 2:31 PM Kris Lou via samba
> <samba at lists.samba.org> wrote:
> > > named.conf.local
> > > =====================
> > > include "/usr/local/samba/private/named.conf";
> > > =====================
> >
> > Is the correct
2019 Aug 15
1
Reset Locked account
So you have to reset the other account flags after doing it?
On 08/15/2019 02:43 PM, Kris Lou via samba wrote:
> pdbedit -c="[]" <user>
>
> This clears the Account Flags (warning, clears ALL Account flags) that you
> can also view via "pdbedit -Lv <user>"
>
>
> Kris Lou
> klou at themusiclink.net
>
>
> On Thu, Aug 15, 2019 at 12:11
2020 Feb 01
4
Failover DC did not work when Main DC failed
On 01/02/2020 15:10, Rowland Penny via samba wrote:
> Not really, all Samba AD DC's are global catalogs ;-)
Ah, OK... so we don't need to worry about that then?
--
Paul Littlefield
Telephone: 07801 125705
Email: info at paully.co.uk
Wiki: http://wiki.indie-it.com/wiki/Special:AllPages
LinkedIn: https://www.linkedin.com/in/paullittlefield
Paul Littlefield is environmentally
2018 Aug 10
3
AD migration+ Passwd
Hi All,
We're migrating our environment to AD. The question we have is about the
users in /etc/passwd. Our users are in the TDB and /etc/passwd. What is the
best way to purge the users from /etc/passwd? If we remove them manually,
the user info cannot be enumerated using getent passwd.
Any suggestions?
Thanks,
RT
2018 Feb 22
1
SAMBA failed join domain DC
Perhaps try http://wing-repo.net/ for CentOS rpms?
The readme is out of date -- inspecting the repo at
http://wing-repo.net/wing will find 4.6, 4.7 (in extras), 4.8rc3.
Kris Lou
klou at themusiclink.net
On Wed, Feb 21, 2018 at 8:27 PM, denis.shigapov via samba <
samba at lists.samba.org> wrote:
> We have the standard centos.
> I have recompiled packages from Fedora, as well as all