similar to: LDAPS & Windows Domain Controller

> Samba 4.13 recently removed this support. > The issue is that while it was possible to use LDAPS in some situations, it was not possible to reliably determine the hostname to verify the TLS certificate, rendering the protection moot. > Furthermore, extensive work would have been required to fully implement the 'channel bindings' required to tie the Kerberos authentication Samba

So is that a bind type not mentioned in the chart he referenced for ldp.exe? <https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771022(v=ws.11)#understanding-bind-options-for-ldap-authentication>Understanding bind options for LDAP authentication There are several authentication methods available in ldp that allow a client to bind to an LDAP

On Fri, 2020-10-30 at 14:10 -0500, Rob Townley wrote: > So is that a bind type not mentioned in the chart he referenced for > ldp.exe? Kerberos authentication is mentioned as: > Understanding bind options for LDAP authentication > There are several authentication methods available in ldp that allow > a client to bind to an LDAP server. The best method depends on > several

On Thu, 2020-10-29 at 22:15 +0000, Zebrose, Cordell via samba wrote: > I have a Samba file server attempting to join an Active Directory > domain using "$net ads join". The Domain Controller is running > Windows Server 2019. I'd like to force samba to use port 636 (LDAPS) > when making the LDAP connection. I've tried several settings in the > smb.conf file, but

On Fri, 2020-10-30 at 13:53 +0000, Zebrose, Cordell via samba wrote: > > Samba 4.13 recently removed this support. > > The issue is that while it was possible to use LDAPS in some > > situations, it was not possible to reliably determine the hostname > > to verify the TLS certificate, rendering the protection moot. > > Furthermore, extensive work would have been

I'm trying to confirm that LDAP traffic is encrypted on my Samba 4 DC. I have read and followed https://wiki.samba.org/index.php/Setup_LDAPS_on_a_DC but when I attempt to connect to the DC on port 636 or via ldaps:// or both via ldapsearch (linux) and ldp (windows) I cannot connect. Failed tests: *ldapsearch -I -H ldaps://dc* ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Hi, I'm trying to convert my LDAP server into a LDAPS server to secure the users logins, but I don't know what's the procedure to do it. Someone knows any guide to do it? For now: - I've created a CA cert on the server - I've created the cert and key for the domain pdc - I've signed that cert with CA cert. - I've followed the post in samba wiki about

On Fri, 2015-04-17 at 10:46 +0200, Luca Olivetti wrote: > El 17/04/15 a les 06:26, Fred Smith ha escrit: > > I'm trying to confirm that LDAP traffic is encrypted on my Samba 4 DC. I > > have read and followed https://wiki.samba.org/index.php/Setup_LDAPS_on_a_DC > > but when I attempt to connect to the DC on port 636 or via ldaps:// or both > > via ldapsearch (linux)

On 08/03/2023 12:58, jose.celestino--- via samba wrote: > Hi, > > We have a samba installation (4.17.5) where a winbindd is part of an > AD domain and used to authenticate radius (radiator) logins. > > The thing is, the AD administration is closing port 386 on the > password server and only allowing requests on 636 (ldaps). > > I don't seem to be able to change

Hi, We have a samba installation (4.17.5) where a winbindd is part of an AD domain and used to authenticate radius (radiator) logins. The thing is, the AD administration is closing port 386 on the password server and only allowing requests on 636 (ldaps). I don't seem to be able to change the winbindd to use the ldaps port. Tried ldap ssl = start tls ldap ssl ads = yes tls enabled = yes

2015-05-02 12:06 GMT+02:00 Daniel Carrasco Mar?n <danielmadrid19 at gmail.com>: > Hi, > > I'm trying to convert my LDAP server into a LDAPS server to secure the > users logins, but I don't know what's the procedure to do it. Someone knows > any guide to do it? > > For now: > > - I've created a CA cert on the server > - I've created the

Hello list, In my dovecot-ldap.ext I have: uris = ldaps://host1 ldaps://host2 ldaps://host2 Today host1 hangs and new connections can't be established with mail server. Connected users worked fine (auth_cache_size = 5 k auth_cache_ttl = 15 mins). At this time - host2 and host3 are working fine, but switching to them was not happen. Why ? In logs I got: Feb 09 10:20:36 imap-login: Error:

Hello from Germany, I have a problem with the following constellation: A Samba-Fileserver - Samba 3.5.6 - running in a Windows AD as a member server using idmap_ad for the mapping the User-IDs. This all works fine as long as the LDAP-port 389 is available on the domain controllers. Now, our AD admin wants to close this and move over to LDAPS. And here is my problem. How do I configure my Samba

Hello Vinicius, I did it and this was the answer: ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*********' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br" -d1 ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636) ldap_create ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636/??base) ldap_sasl_bind

Hi All, I am at my wits end. I have a LDAP server setup on a machine (the names are changed to protect the innocent) example.mydomain.com running CentOS 5.4 and LDAP version 2.3.43-3. If I issue a ldapsearch command while logged onto the LDAP server host I get a valid response back. For example: > ldapsearch -x -LLL -H ldaps://example.mydomain.com:636 "(uid=joker)" \ > sn uid dn:

Hi, is there a way to define more than one NDS ldap server in smb.conf? It seems that only the first ldap server is used and if unavailable none of the other backends are going to be tried. Samba then still tries to connect over and over to the unavailable eDirectory-Server. My passdb entry looks like this (it?s all in one line): passdb backend = NDS_ldapsam:ldaps://serverA.blabla.com:636

Thank you, I've seen that commit. But even that seemed to be a STARTTLS inside a plain ldap connection (389). On Wed, Mar 8, 2023 at 6:49?PM Andrew Bartlett <abartlet at samba.org> wrote: > > On Wed, 2023-03-08 at 12:58 +0000, jose.celestino--- via samba wrote: > > Hi, > > > > We have a samba installation (4.17.5) where a winbindd is part of an > > AD

Hi there guys, do not know if post this here or in openldap list, sorry if I disturb you. I configured samba+ldap as a PDC and byt now it's working fine, so, I decided to put some security to the stuff. The problem is that I coudl not make it work, here I what I've done. This is what netstat shows. tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0

&nbsp; @import url( C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\scrollbar.css ); Hi List, &nbsp; OS: centos5.3 x86_64 OpenLDAP is installed using yum. &nbsp; I find that when all the ldap servers are down and offline, the operations on the client is slow. When I try to do `ls` on the directories on the client as root, it waits there for some

Hello, lists. I'm struggling to find out, how one can change password of an active directory (based on samba4) user via LDAP. The problem is that if I try to use userPassword parameter: dn: CN=John Smith,cn=Users,DC=domain,DC=com changetype: modify replace: userPassword userPassword: newPassword ldapmodify -v -c -a -f filename.ldif -H ldaps://server.domain.com -D\ administrator at