[Samba] Allow unencrypted TLS LDAP query
L.P.H. van Belle
belle at bazuin.nl
Fri Aug 19 06:58:31 UTC 2016
Or better, drop the ldap auth and go use kerberos auth, faster and more secure by default.
If you want to know the config, just ask me. Im running that.
Samba 4.4.5 ad, squid 3.5.19 + squidclamav-icap
With kerberos auth, fallback to NTLM auth, fallback to ldap(s)
and tip ahead, squid 3.5.20+ supports ldaps groups filters.
Only for squidguard i dont know if its supports ldaps.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Marc Muehlfeld
> via samba
> Verzonden: donderdag 18 augustus 2016 22:48
> Aan: Ricardo Pardim Claus; samba at lists.samba.org
> Onderwerp: Re: [Samba] Allow unencrypted TLS LDAP query
>
> Hello Ricardo,
>
> Am 18.08.2016 um 22:17 schrieb Ricardo Pardim Claus via samba:
> > It is possible to configure Samba 4.4.5 to accept queries that do not
> use TLS?
> > I'm having trouble authenticating the Proxy / SquidGuard in AD Samba
> 4.4.5.
> >
> > I get this error:
> >
> > (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication
> required
> >
> > I read the wiki Samba, the new versions are working with authentication
> TLS encrypted connections.
> > It is possible to configure Samba to return to receive authentication in
> normal mode?
>
>
> https://wiki.samba.org/index.php/Updating_Samba#Default_for_LDAP_Connectio
> ns_Requires_Strong_Authentication_.28updating_from_.3C.3D4.4.0.2C_.3C.3D4.
> 3.6_or_.3C.3D4.2.9.29
>
> Why don't you configure your proxy / SquidGuard to establish an
> encrypted connection instead?
>
>
> Regards,
> Marc
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list