similar to: LDAP bind to AD fails

Displaying 20 results from an estimated 400 matches similar to: "LDAP bind to AD fails"

2019 Sep 18
2
LDAP bind to AD fails
On 18.09.19 at 19:16, Kris Lou via samba wrote: > More than likely, certificate issues. > > If you use the IP in pfsense, then the Samba certificate needs to have the > IP as the CN. So you suggest to contact the dc via hostname ... googled this query command: # openssl s_client -connect adc1:636 tells me ... CONNECTED(00000003) depth=0 O = Samba Administration, OU = Samba -
2019 Sep 18
0
LDAP bind to AD fails
More than likely, certificate issues. If you use the IP in pfsense, then the Samba certificate needs to have the IP as the CN. Kris Lou klou at themusiclink.net On Wed, Sep 18, 2019 at 9:42 AM Stefan G. Weichinger via samba < samba at lists.samba.org> wrote: > > Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD > > worked great already ... > >
2019 Sep 18
2
LDAP bind to AD fails
On 18.09.19 at 19:32, Stefan G. Weichinger via samba wrote: > On 18.09.19 at 19:28, Stefan G. Weichinger via samba wrote: > >> So I would have to use "adc1.arbeitsgruppe.mydomain.at" > > Tried that. Doesn't help so far. > > gives: > > [2019/09/18 19:32:07.544332, 1] > ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) > TLS
2018 Sep 26
2
Debugging TLS Retry Handshake errors
So, I'm using Samba AD for user authentication by some web appliances, using LDAPS over port 636. I've been doing this for quite a while -- and my certificates and everything seem to check out. But this week (and with one appliance -- my firewall), I'm finding that maybe 3/20 times the bind will fail for perhaps 10 seconds. During this time, the logs read (for each failure):
2014 Mar 18
1
A record packet with illegal version was received.
Hello, I'm having a problem with using TLS in samba 4.1.4. When I try to connect to LDAP of samba 4 there is an error in the logs, which is: [2014/03/18 15:34:12.631262, 1] ../source4/lib/tls/tls_tstream.c:1338(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1338 - A record packet with illegal version was received. Here's the php script that tries to connect to
2019 Aug 30
5
backup AD content
I happily and trustfully use Louis' backup-script from https://github.com/thctlo/samba4 to dump AD content via cronjob. Is it necessary/recommended to do that on *each* samba DC? Is there something server-specific in the dump(s) or is it enough to do that once per domain? thanks ...
2020 Mar 05
3
DCs from 4.10.x to 4.11.x
upgrade one of 2 DCs from 4.10 to 4.11.6 seems to work, I wonder about these messages: Mär 05 09:06:21 adc1 samba[4198]: task[dreplsrv][4198]: [2020/03/05 09:06:21.737684, 0] ../../source4/dsdb/repl/drepl_notify.c:353(dreplsrv_notify_check) Mär 05 09:06:21 adc1 samba[4198]: task[dreplsrv][4198]: dreplsrv_notify_check: Failed to load repsTo for
2018 Sep 27
0
Debugging TLS Retry Handshake errors
On Wed, 2018-09-26 at 11:33 -0700, Kris Lou via samba wrote: > So, I'm using Samba AD for user authentication by some web appliances, > using LDAPS over port 636. I've been doing this for quite a while -- and > my certificates and everything seem to check out. > > But this week (and with one appliance -- my firewall), I'm finding that > maybe 3/20 times the bind
2018 Sep 27
1
Debugging TLS Retry Handshake errors
Hi Andrew, Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free. From the client side, I'm pretty sure my tests are PHP calling ldap_connect() <https://github.com/pfsense/pfsense/blob/157aff9e256aa235ba68ccc2168c61fc61e90072/src/etc/inc/auth.inc#L960> .
2017 Dec 28
1
2nd samba DC: NT_STATUS_NO_LOGON_SERVERS
On 2017-12-28 at 15:55, L.P.H. van Belle via samba wrote: > Hai Stephan, > > You need also this in smb.conf > > # enable offline logins > winbind offline logon = yes On which server(s)? The DCs? the DM? > I did also test my logins with one DC turned off. > And login on the DM is no problem or my pcs, no problem. > > I did not test the AD logins that's
2017 Dec 28
2
2nd samba DC: NT_STATUS_NO_LOGON_SERVERS
I added a 2nd DC (ADC2) to a samba-ADS today. debian-9.3, samba-4.6.11 from Louis followed https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory replication works afai see - We wanted to test services after turning off the first DC, and running ADC2 and a DM file-server only. DC1/backup: 10.0.0.224 ADC2: 10.0.0.230 We then get NT_STATUS_NO_LOGON_SERVERS On the
2020 Feb 27
9
Samba AD - Different IP than the existing one assigned
Hi, I want to use samba as AD. everything seemed to be ok so far with the install and the config. STATUS=daemon 'smbd' finished starting up and ready to serve connections Feb 27 10:34:03 ip-1XX winbindd[22083]: [2020/02/27 10:34:03.002858, 0] ../lib/util/become_daemon.c:124(daemon_ready) Feb 27 10:34:03 ip-1XX winbindd[22083]: STATUS=daemon 'winbindd' finished starting up and
2020 Feb 27
2
samba AD directory and PHP
> -----Original message----- > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of > Stefan G. Weichinger via samba > Sent: Thursday 27 February 2020 11:35 > To: samba at lists.samba.org > Subject: Re: [Samba] samba AD directory and PHP > > On 27.02.20 at 11:32, L.P.H. van Belle via samba wrote: > > But you're missing the important part. >
2016 Apr 15
5
file rights tls key files.
Hai, I'm seeing the following.. [2016/04/15 09:57:55.135038,  0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server) Invalid permissions on TLS private key file 'server.key.pem': owner uid 0 should be 0, mode 0440 should be 0600 This is known as CVE-2013-4476. Is there any way to override this setting? I do need 0440 here. ( or 0400 ) 0600 is not
2012 Nov 21
1
Failure demoting 2008_R2 DC (S4rc5)
Hello, We are currently testing S4rc5 for an upcoming S3 to S4 migration. I am able to duplicate this issue with both classicupgrade and a new provision (both cases using internal DNS). I am able to join a 2008R2 system to the domain and promote it to a DC, however I am unable to demote it. The problem appears to be that the 2008R2 server fails replicating to the S4 DC. The specific error that I
2011 Apr 23
1
ldapsearch with samba4
Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in
2018 May 22
3
RSAT Hang
See Inline LPHvBvs> Hi Gregory, LPHvBvs> On the questions. >> Is there a good reason to avoid Samba internal DNS? LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in my lan for other setups also. LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works fine. LPHvBvs> I do have questions to get a better impression of the setup. LPHvBvs>
2013 Mar 20
1
Clients no longer updating DNS & unable to delete MX records
Hello, After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools "see" the record but report it does not exist when I attempt to delete it. I can create new MX
2015 Apr 23
4
RFC2307 attributes not being read by DC2 in 4.2.1
Greetings, Rowland Penny! >>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >>>> drepl, winbindd, ntp_signd, kcc, dnsupdate >> >> Since "winbindd" is included in this line, shouldn't also "-winbind" >> be there? I think that when you use the normal winbind you must >> disable the internal one. >>
2019 Nov 26
2
4.9.x -> 4.10.x : any major things to consider?
On 26/11/2019 19:44, Stefan G. Weichinger via samba wrote: > On 26.11.19 at 20:39, Rowland penny via samba wrote: > >>> I assume I have to start over: demote that DC2 etc >>> >>> Should have left office when I could an hour ago. >>> >> Definitely sounds like you should, you are probably tired and it is >> easy to make mistakes when you are