[Samba] samba net ads join windows active directory with ldap ssl
Arjit Gupta
arjitk.gupta at gmail.com
Tue Dec 5 01:08:05 UTC 2017
Hi,
Please help me identify what else needs to be done.
On 4 Dec 2017 15:10, "Arjit Gupta" <arjitk.gupta at gmail.com> wrote:
> Hi,
>
> I have enabled ldap ssl on Windows 2008 server active directory and want
> to join ads domain with net ads join command.
>
> I am getting the error below:
> net ads join -U Administrator
> ldap_url_parse_ext(ldap://localhost/)
> ldap_init: trying /etc/ldap/ldap.conf
> ldap_init: using /etc/ldap/ldap.conf
> ldap_init: HOME env is /root
> ldap_init: trying /root/ldaprc
> ldap_init: trying /root/.ldaprc
> ldap_init: trying ldaprc
> ldap_init: LDAPCONF env is NULL
> ldap_init: LDAPRC env is NULL
> Enter Administrator's password:
> Failed to issue the StartTLS instruction: Connect error
> Failed to join domain: failed to connect to AD: Connect error
>
> I have done the steps below:
>
> 1. Configure secure LDAP SSL on Active Directory. YouTube link
> <https://www.youtube.com/watch?v=JFPa_uY8NhY> which I referred to.
> 2. Obtain client certificate.
> certutil -ca.cert client.crt
> 3. Copy client certificate to linux machine.
> 4. Run the net ads join -U Administrator command
>
>
> *My ldap.conf*
> cat /etc/ldap/ldap.conf
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> #BASE dc=example,dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
>
> # TLS certificates (needed for GnuTLS)
> TLS_CACERT /etc/ssl/certs/client.crt
>
> *My smb.conf*
>
> [global]
> ldap debug level = 1
> ldap ssl = start tls
> ldap ssl ads = yes
> workgroup = CIFS
> security = ads
> realm = cifs.com
> netbios name = ubuntu
> encrypt passwords = yes
> log file = /var/opt/samba/log.%m
> debug level =0
> max log size = 1000
> syslog = 0
> panic action = /var/opt/samba/panic-action %d
> preserve case = yes
> short preserve case = yes
> dos filetime resolution = yes
> read only = no
> socket options = TCP_NODELAY
> domain master = auto
> local master = yes
> preferred master = auto
> domain logons = no
> [homes]
> comment = Home Directories
> path = /home/%U
> browseable = no
> writable = no
> create mask = 0700
> directory mask = 0700
> [tmp]
> comment = Temporary file space
> path = /tmp
> read only = no
>
> *NOTE:* before enabling ldap ssl and ldap ssl ads I was able to join
> the Active Directory domain.
>
> Arjit Kumar
>
>
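As an added diagnostic (not from the original post and not Samba's own code), the stdlib-only Python below reproduces the step Samba reports as failing: it sends the LDAP StartTLS extended request (RFC 4511, OID 1.3.6.1.4.1.1466.20037) to the DC on port 389, checks the result code, and then completes a TLS handshake verified against the CA file named in ldap.conf, so a chain or hostname problem shows up as a clear exception. The DC host name `dc1.cifs.com` in the usage call is an assumption.

```python
# Minimal LDAP StartTLS probe using only the Python standard library.
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def ber_len(n):
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest { requestName [0] OID } }."""
    name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + ber_len(len(name)) + name                   # [APPLICATION 23]
    mid = b"\x02\x01" + bytes([msg_id])                         # INTEGER messageID
    return b"\x30" + ber_len(len(mid) + len(ext)) + mid + ext   # SEQUENCE

def read_tlv(buf, pos=0):
    """Decode one BER tag-length-value at pos; return (tag, value, end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 128:
        length, start = first, pos + 2
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    return tag, buf[start:start + length], start + length

def parse_starttls_response(buf):
    """Return (messageID, resultCode, diagnosticMessage) from the DC's reply."""
    _, msg, _ = read_tlv(buf)            # outer LDAPMessage SEQUENCE
    _, mid, pos = read_tlv(msg)          # messageID
    tag, ext, _ = read_tlv(msg, pos)     # ExtendedResponse is [APPLICATION 24]
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse, tag 0x%02x" % tag)
    _, rc, pos = read_tlv(ext)           # resultCode ENUMERATED (0 = success)
    _, _, pos = read_tlv(ext, pos)       # matchedDN (skipped)
    _, diag, _ = read_tlv(ext, pos)      # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")

def probe_starttls(host, port=389, cafile=None, timeout=5):
    """Send StartTLS, then do a verified TLS handshake as Samba's ldap ssl = start tls would."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(starttls_request())
        _, rc, diag = parse_starttls_response(raw.recv(4096))  # one segment is enough here
        if rc != 0:
            return {"starttls": False, "result_code": rc, "diagnostic": diag}
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # raises on bad chain/name
            return {"starttls": True, "result_code": 0, "tls": tls.version(),
                    "subject": tls.getpeercert()["subject"]}
```

Run it as `probe_starttls("dc1.cifs.com", cafile="/etc/ssl/certs/client.crt")`: a non-zero result code means the DC refused StartTLS, while an `ssl.SSLError` after a result code of 0 points at the certificate chain or the name in the DC's certificate rather than at Samba.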