[Samba] TLS_CIPHER_SUITE - OpenLDAP connection

Leander Schäfer info at netocean.de
Mon Mar 14 10:54:36 UTC 2016


Thank you for your feedback, Andrew. Since Samba is not the only application making use of the TLS_CIPHER_SUITE negotiation rules in ldap.conf, I would like to ensure that all of them still use the highest encryption possible. Currently I had to remove "TLS_CIPHER_SUITE" as a workarrou d in order to let Samba work wirh LDAP in TLS mode. Does anyone have a suggestion how I can apply TLS_CIPHER_SUITE in such a way that Samba LDAP connection doesn't break?

I think this is a major configuration issue and should be mentioned in the official Samba Wiki. Samba <-> LDAP Isn't working unless the varialbe  "TLS_CIPHER_SUITE" is deactivated or set propper. What do you think?

Best regards
Leander Schäfer

>> Am 14.03.2016 um 11:03 schrieb Andrew Bartlett <abartlet at samba.org>:
>> On Mon, 2016-03-14 at 01:55 +0100, Leander Schäfer wrote:
>> What would be a working TLS_CIPHER_SUITE in ldap.conf for Samba 4.
>> I'm 
>> asking, cause I had to remove
>> from my ldap.conf for samba to work. This wasn't documented anywhere.
>> I 
>> think this should be mentoined in the wiki as well as in the man 
>> smb.conf under tls.
> Aside from banning SSLv3, we just use whatever GnuTLS give us on your
> platform, by default.  Modern Samba versions even let you control that
> with an smb.conf option.
> I hope this helps,
> Andrew Bartlett
> -- 
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list