[Samba] samba + start tls

Matt Herzog msh at blisses.org
Fri Sep 15 20:09:51 GMT 2006

On Fri, Sep 15, 2006 at 04:32:13PM -0300, Felipe Augusto van de Wiel wrote:
> > I have winbind working nicely with AD here. It took a while to 
> > figure out but now AD user accounts can ssh into my Linux boxen
> > reliably, which is really all I needed; just ssh access. But I
> > want to make sure all the LDAP traffic is secured via TLS/SSL.
> 	Ok, but this is not Samba's part of the job. :)
> 	If Samba is not talking with your LDAP server, then this
> parameter has no effect. You should do the TLS/SSL configurations
> on your LDAP server. And you should use kerberos to have real
> security in your smb network.

There is no pure LDAP server. There is only the Win2K server that does
Microsoft's AD which (unless I am mistaken) is part LDAP, part Kerberos and part SMB. 
The Kerberos part works fine. The ssh logins through AD work fine. The
problem is that I'm connected on port 

[root at province ~]# net ads info
LDAP server:
LDAP server name: battu
LDAP port: 389
Server time: Fri, 15 Sep 2006 15:53:49 GMT
KDC server:
Server time offset: 97

> 	If it is a PEM with a private certificate, it shouldn't be
> world readable.

OK, so what should the perms be? 0400?

> 	Ok, it is a configuration of libldap and other software
> that will use resources to query LDAP server. But AIUI you are
> not using Samba to query LDAP, you are using winbind to do that,
> and then, your question is a little bit off-topic here. ;)

Yes. I suppose you are right. I need to subscribe to an LDAP list as well.

Announcing your plans is a good way to hear the gods' laughter.
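Added example, not from this thread or from Samba: a small POSIX shell check that reads `net ads info` output like the one above, reports whether winbind's LDAP connection to the DC is on port 389 or 636, and tests whether a PEM file's mode leaves it unreadable to group and others (0400 or 0600). It assumes GNU or BSD `stat`; the sample output is constructed from the values quoted in the message.

```shell
#!/bin/sh
# Constructed sample of `net ads info` output, using the values quoted above.
ADS_INFO_SAMPLE='LDAP server:
LDAP server name: battu
LDAP port: 389
Server time: Fri, 15 Sep 2006 15:53:49 GMT
KDC server:
Server time offset: 97'

# Extract the "LDAP port" value from net ads info output read on stdin.
ldap_port_from_ads_info() {
    sed -n 's/^LDAP port:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Classify the port: 389 is plain LDAP (cleartext unless StartTLS is
# negotiated on that connection), 636 is LDAP over TLS (LDAPS).
classify_ldap_port() {
    case "$1" in
        389) echo cleartext ;;
        636) echo ldaps ;;
        *)   echo unknown ;;
    esac
}

# Return 0 if the file mode has no group/other bits (e.g. 0400 or 0600),
# 1 otherwise. Tries GNU stat -c first, then BSD stat -f.
pem_mode_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    # keep only the last three octal digits (drop setuid/setgid/sticky)
    mode=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Stand-alone run: classify the sample output.
port=$(printf '%s\n' "$ADS_INFO_SAMPLE" | ldap_port_from_ads_info)
echo "LDAP port $port: $(classify_ldap_port "$port")"
```

On a live system, replace the sample with `net ads info | ldap_port_from_ads_info` and point `pem_mode_is_private` at the certificate file in question.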
