[Samba] Issue with LDAPS & Winbind

Timothy Gwynne gwynne.timothy at gmail.com
Tue Jan 9 19:08:19 UTC 2018

I have an Ubuntu 14.04 member server which runs winbind, krb5, and samba.
Without encryption, I am able to use winbind to get all the info I need.

winbind -g works
winbind -u works

I am trying to now get LDAPS working, but when I run a command nothing

winbind -g does nothing (no errors)
winbind -u does nothing (no errors).

On the Windows DC, I can see TLS traffic happening between the Windows DC
and Ubuntu machine, but of course it does not seem to be fully working.

Here is smb.conf:

workgroup = TIMDOMAIN
netbios name = UBUNTUWEE
server string = %h server (Samba %v, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = ADS
ldap ssl = start tls
ldap ssl ads = yes
domain master = no
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
usershare allow guests = yes

I've tried this config without ldap ssl = start tls and just ldap ssl ads
and the traffic seems to be the exact same.

Here is ldap.conf:

TLS_CACERT      /etc/ssl/certs/ca.cer

ca.cer contains my CA root certificate in Base-64 X509 format.

Tim Gwynne
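A diagnostic script for the TLS side of the setup described in this post, added here as an example (it is not the poster's configuration, and it is not part of Samba). It checks the file behind `TLS_CACERT` the way libldap will use it: the file must be PEM ("Base-64 X509"), parseable, and an actual CA certificate, since a DER export or a copy of the DC's own leaf certificate makes the handshake fail with no visible error from winbind, which matches the "does nothing, no errors" symptom. The two network functions reproduce the StartTLS and LDAPS handshakes against the DC; the CA path is taken from the post's ldap.conf, while the DC name `dc.timdomain.example` is a hypothetical placeholder.

```shell
# Example diagnostic, not from the original post. Assumptions:
#   CA_FILE: path from the poster's ldap.conf (override with an env var)
#   DC_HOST: hypothetical placeholder, replace with the real DC FQDN
CA_FILE="${CA_FILE:-/etc/ssl/certs/ca.cer}"
DC_HOST="${DC_HOST:-dc.timdomain.example}"

# check_ca_pem FILE: succeed only if FILE is a readable PEM certificate that
# openssl can parse. libldap reads TLS_CACERT as PEM only; a DER/binary
# export is rejected silently and the TLS session never completes.
check_ca_pem() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "CA file not readable: $file" >&2
        return 1
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$file"; then
        echo "CA file is not PEM (no '-----BEGIN CERTIFICATE-----'): $file" >&2
        return 1
    fi
    if ! openssl x509 -in "$file" -noout -subject -enddate 2>/dev/null; then
        echo "openssl cannot parse the certificate in: $file" >&2
        return 1
    fi
    return 0
}

# check_is_ca FILE: succeed only if the certificate carries
# basicConstraints CA:TRUE, i.e. it can validate the DC's server
# certificate. Putting the DC's own leaf certificate in TLS_CACERT
# does not build a valid chain.
check_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# starttls_query HOST CAFILE: anonymous rootDSE read over port 389 with
# StartTLS, the mode "ldap ssl = start tls" asks for. -ZZ makes ldapsearch
# abort if StartTLS fails, so certificate problems surface as an error
# instead of silently returning nothing. Needs network access to the DC.
starttls_query() {
    LDAPTLS_CACERT="$2" ldapsearch -H "ldap://$1" -ZZ -x -s base -b '' \
        -LLL defaultNamingContext dnsHostName
}

# ldaps_handshake HOST CAFILE: raw TLS handshake on the LDAPS port 636 with
# the same CA file, printing the certificate subject/issuer and the verify
# result. Useful when the DC certificate's name does not match HOST.
# Needs network access to the DC.
ldaps_handshake() {
    openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" \
        -verify_return_error </dev/null 2>&1 \
        | grep -E 'subject=|issuer=|Verify return code'
}

# With --check, run only the offline file checks; the two network
# functions are left for the operator to run against the real DC.
if [ "${1:-}" = "--check" ]; then
    check_ca_pem "$CA_FILE" && check_is_ca "$CA_FILE" && echo "CA file looks usable"
fi
```

Run it as `sh ldaps-check.sh --check` on the member server first; if the file checks pass, `starttls_query "$DC_HOST" "$CA_FILE"` exercises exactly the StartTLS path the smb.conf above selects, and a name-mismatch or untrusted-issuer error from ldapsearch at that point explains why winbind returns nothing while the DC still shows TLS traffic.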

