similar to: LDAP bind to AD fails

Am 18.09.19 um 19:16 schrieb Kris Lou via samba: > More than likely, certificate issues. > > If you use the IP in pfsense, then the Samba certificate needs to have the > IP as the CN. So you suggest to contact the dc via hostname ... googled this query command: # openssl s_client -connect adc1:636 tells me ... CONNECTED(00000003) depth=0 O = Samba Administration, OU = Samba -

More than likely, certificate issues. If you use the IP in pfsense, then the Samba certificate needs to have the IP as the CN. Kris Lou klou at themusiclink.net On Wed, Sep 18, 2019 at 9:42 AM Stefan G. Weichinger via samba < samba at lists.samba.org> wrote: > > Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD > > worked great already ... > >

Am 18.09.19 um 19:32 schrieb Stefan G. Weichinger via samba: > Am 18.09.19 um 19:28 schrieb Stefan G. Weichinger via samba: > >> So I would have to use "adc1.arbeitsgruppe.mydomain.at" > > Tried that. Doesn't help so far. > > gives: > > [2019/09/18 19:32:07.544332, 1] > ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) > TLS

So, I'm using Samba AD for user authentication by some web appliances, using LDAPS over port 636. I've been doing this for quite a while -- and my certificates and everything seem to check out. But this week (and with one appliance -- my firewall), I'm finding that maybe 3/20 times the bind will fail for perhaps 10 seconds. During this time, the logs read (for each failure):

Hello, I'm having a problem with using TLS in samba 4.1.4. When I try to connect to LDAP of samba 4 there is an error in the logs, which is: [2014/03/18 15:34:12.631262, 1] ../source4/lib/tls/tls_tstream.c:1338(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1338 - A record packet with illegal version was received. Here's the php script that tries to connect to

I happily and trustfully use Louis' backup-script from https://github.com/thctlo/samba4 to dump AD content via cronjob. Is it necessary/recommended to do that on *each* samba DC? Is there something server-specific in the dump(s) or is it enough to do that once per domain? thanks ...

upgrade one of 2 DCs from 4.10 to 4.11.6 seems to work, I wonder about these messages: M?r 05 09:06:21 adc1 samba[4198]: task[dreplsrv][4198]: [2020/03/05 09:06:21.737684, 0] ../../source4/dsdb/repl/drepl_notify.c:353(dreplsrv_notify_check) M?r 05 09:06:21 adc1 samba[4198]: task[dreplsrv][4198]: dreplsrv_notify_check: Failed to load repsTo for

On Wed, 2018-09-26 at 11:33 -0700, Kris Lou via samba wrote: > So, I'm using Samba AD for user authentication by some web appliances, > using LDAPS over port 636. I've been doing this for quite a while -- and > my certificates and everything seem to check out. > > But this week (and with one appliance -- my firewall), I'm finding that > maybe 3/20 times the bind

Hi Andrew, Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free. >From the client side, I'm pretty sure my tests are PHP calling ldap_connect() <https://github.com/pfsense/pfsense/blob/157aff9e256aa235ba68ccc2168c61fc61e90072/src/etc/inc/auth.inc#L960> .

Am 2017-12-28 um 15:55 schrieb L.P.H. van Belle via samba: > Hai Stephan, > > You need also this in smb.conf > > # enable offline logins > winbind offline logon = yes On which server(s)? The DCs? the DM? > I did also test my logins with one DC turned off. > And login on the DM is no problem or my pcs, no problem. > > I did not test the AD logins thats

I added a 2nd DC (ADC2) to a samba-ADS today. debian-9.3, samba-4.6.11 from Louis followed https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory replication works afai see - We wanted to test services after turning off the first DC, and running ADC2 and a DM file-server only. DC1/backup: 10.0.0.224 ADC2: 10.0.0.230 We then get NT_STATUS_NO_LOGON_SERVERS On the

Hi, I want to use samba as AD. everything seemed to be ok so far with the install and the config. STATUS=daemon 'smbd' finished starting up and ready to serve connections Feb 27 10:34:03 ip-1XX winbindd[22083]: [2020/02/27 10:34:03.002858, 0] ../lib/util/become_daemon.c:124(daemon_ready) Feb 27 10:34:03 ip-1XX winbindd[22083]: STATUS=daemon 'winbindd' finished starting up and

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: donderdag 27 februari 2020 11:35 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] samba AD directory and PHP > > Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba: > > But your missing the important part. >

Hai,   Im seeing the following..    [2016/04/15 09:57:55.135038,  0] ../source4/lib/tls/tls_tstream.c:1216(tstream_tls_params_server)   Invalid permissions on TLS private key file 'server.key.pem':   owner uid 0 should be 0, mode 0440 should be 0600   This is known as CVE-2013-4476.   It there anyway to override this setting?  I do need 0440 here.  ( or 0400 ) 0600 is not

Hello, We are currently testing S4rc5 for an upcoming S3 to S4 migration. I am able to duplicate this issue with both classicupgrade and a new provision (both cases using internal DNS). I am able to join a 2008R2 system to the domain and promote it to a DC, however I am unable to demote it. The problem appears to be that the 2008R2 server fails replicating to the S4 DC. The specific error that I

Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in

See Inline LPHvBvs> Hi Gregory, LPHvBvs> On the questions. >> Is there a good reason to avoid Samba internal DNS? LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in my lan for other setups also. LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works fine. LPHvBvs> I do have questions to get a better impression of the setup. LPHvBvs>

Hello, After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools "see" the record but report it does not exist when I attempt to delete it. I can create new MX

Greetings, Rowland Penny! >>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >>>> drepl, winbindd, ntp_signd, kcc, dnsupdate >> >> Since "winbindd" is included in this line, shouldn't also "-winbind" >> be there? I think that when you use the normal winbind you must >> disable the internal one. >>

On 26/11/2019 19:44, Stefan G. Weichinger via samba wrote: > Am 26.11.19 um 20:39 schrieb Rowland penny via samba: > >>> I assume I have to start over: demote that DC2 etc >>> >>> Should have left office when I could an hour ago. >>> >> Definitely sounds like you should, you are probably tired and it is >> easy? to make mistakes when you are