[Samba] Issue with LDAPS & Winbind
Timothy Gwynne
gwynne.timothy at gmail.com
Tue Jan 9 19:08:19 UTC 2018
I have an Ubuntu 14.04 member server which runs winbind, krb5, and samba.
Without encryption, I am able to use winbind to get all the info I neeed.
i.e.
winbind -g works
winbind -u works
I am trying to now get LDAPS working, but when I run a command nothing
happens
winbind -g does nothing (no errors)
winbind -u does nothing (no errors).
On the Windows DC, I can see TLS traffic happening between the Windows DC
and Ubuntu machine, but of course it does not seem to be fully working.
here is smb.conf:
[global]
workgroup = TIMDOMAIN
realm = TIMDOMAIN.LOCAL
netbios name = UBUNTUWEE
server string = %h server (Samba %v, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = ADS
ldap ssl = start tls
ldap ssl ads = yes
domain master = no
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
usershare allow guests = yes
I've tried this config without ldap ssl = start tls and just ldap ssl ads
and the traffic seems to be the exact same.
Here is ldap.conf:
TLS_CACERT /etc/ssl/certs/ca.cer
ca.cer contains my CA root certificate in Base-64 X509 format.
--
Tim Gwynne
978-994-4272
More information about the samba
mailing list