[Samba] Issue with LDAPS & Winbind

Rowland Penny rpenny at samba.org
Tue Jan 9 19:24:21 UTC 2018


On Tue, 9 Jan 2018 11:08:19 -0800
Timothy Gwynne via samba <samba at lists.samba.org> wrote:

> I have an Ubuntu 14.04 member server which runs winbind, krb5, and
> samba. Without encryption, I am able to use winbind to get all the
> info I need, i.e.
> 
> winbind -g works
> winbind -u works

I am very sure it doesn't ;-)
I think you mean 'wbinfo' instead

> 
> I am trying to now get LDAPS working, but when I run a command nothing
> happens
> 
> winbind -g does nothing (no errors)
> winbind -u does nothing (no errors).
> 
> On the Windows DC, I can see TLS traffic happening between the
> Windows DC and Ubuntu machine, but of course it does not seem to be
> fully working.
> 
> here is smb.conf:
> 
> 
> [global]
> 
> 
> workgroup = TIMDOMAIN
> realm = TIMDOMAIN.LOCAL
> netbios name = UBUNTUWEE
> server string = %h server (Samba %v, Ubuntu)
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> security = ADS
> ldap ssl = start tls
> ldap ssl ads = yes
> domain master = no
> template shell = /bin/bash
> template homedir = /home/%D/%U
> winbind enum groups = yes
> winbind enum users = yes
> winbind use default domain = yes
> usershare allow guests = yes
> 
> I've tried this config without ldap ssl = start tls and just ldap ssl
> ads and the traffic seems to be the exact same.
> 
> Here is ldap.conf:
> 
> TLS_CACERT      /etc/ssl/certs/ca.cer
> 
> ca.cer contains my CA root certificate in Base-64 X509 format.
> 

I am trying to understand just what you are trying to achieve. You do
not normally use LDAP for authentication; that is what winbind is for.

Please explain why you are trying this.

Rowland
 


