[Samba] Configuration help

L.P.H. van Belle belle at bazuin.nl
Tue Aug 6 09:09:50 UTC 2019


Hai, 

If it's really Debian 9, then I don't think this is going to work >> /etc/openldap/ldap.conf 

I suggest the following. 

apt-get install ca-certificates 
mkdir -p /usr/local/share/ca-certificates/samba-ad-dc
ln -s /var/lib/samba/private/tls/cert.pem /usr/local/share/ca-certificates/samba-ad-dc/samba.crt
update-ca-certificates

/etc/ldap/ldap.conf
BASE    dc=some,dc=dom,dc=tld
URI     ldaps://dc1.some.dom.tld ldaps://dc2.some.dom.tld
TLS_REQCERT allow

# Optional, depending on need add: 
#BIND_DN = CN=ldapBindUser,OU=Service-Accounts,DC=some,DC=dom,DC=tld
#BIND_PW = SomePasshere

Something like that. 


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Guillaume Couvreur via samba
> Sent: Tuesday 6 August 2019 10:23
> To: Rowland penny
> CC: sambalist
> Subject: Re: [Samba] Configuration help
> 
> I can't find  /etc/openldap/ldap.conf
> 
> On Tue, 6 Aug 2019 at 10:16, Rowland penny via samba 
> <samba at lists.samba.org>
> wrote:
> 
> > On 06/08/2019 08:41, Guillaume Couvreur wrote:
> > > Distro : Debian 9
> > >
> > > log samba and smb  as attachments
> >
> > The log just tells me that samba_dnsupdate needs looking at. ;-)
> >
> > Try this:
> >
> > Add to the [global] section of smb.conf:
> >
> > ldap server require strong auth = allow_sasl_over_tls
> >
> > Now modify/create /etc/openldap/ldap.conf
> >
> > Add/change:
> >
> > HOST <YOUR_DCs_FQDN>
> > TLS_CACERT /var/lib/samba/private/tls/cert.pem
> > TLS_REQCERT never
> >
> > Restart Samba and try again.
> >
> > If it still doesn't work, can we see 'log.winbindd'
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> -- 
> 
> *Guillaume COUVREUR*
> *Chef de projet technique*
> guillaume.couvreur at ntico-operation.com
> 03.66.72.80.79
> 1A, avenue de l'Harmonie
> 59650 VILLENEUVE D'ASCQ
> 
> 
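
As an added example, not part of the original thread: a small shell audit that reads an ldap.conf and reports whether the effective TLS_REQCERT level makes the client reject a bad server certificate. The sample files are constructed from the settings quoted in this thread, the helper names ldap_opt and reqcert_verdict are made up for this example, and it assumes the last occurrence of a repeated option wins.

```shell
#!/bin/sh
# Added example (not from the thread): audit TLS_REQCERT in an ldap.conf file.

# Print the value of an ldap.conf option (keyword matched case-insensitively),
# skipping comment lines. Assumption: if an option is repeated, the last wins.
ldap_opt() {   # usage: ldap_opt FILE OPTION
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(want) { val = $2 }
        END { print val }
    ' "$1"
}

# Classify how strictly the client checks the server certificate.
# Levels per ldap.conf(5); an absent TLS_REQCERT means the default, "demand".
reqcert_verdict() {   # usage: reqcert_verdict FILE
    level=$(ldap_opt "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    case "${level:-demand}" in
        demand|hard) echo "enforced" ;;      # bad or missing cert ends the session
        try)         echo "partial" ;;       # bad cert ends it, missing cert does not
        never|allow) echo "not-enforced" ;;  # session proceeds despite a bad cert
        *)           echo "unknown" ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed samples: the two TLS_REQCERT settings quoted in the thread,
    # plus a variant that sets TLS_REQCERT demand for comparison.
    printf 'TLS_CACERT /var/lib/samba/private/tls/cert.pem\nTLS_REQCERT never\n' > "$dir/never.conf"
    printf 'URI ldaps://dc1.some.dom.tld\nTLS_REQCERT allow\n' > "$dir/allow.conf"
    printf 'URI ldaps://dc1.some.dom.tld\nTLS_REQCERT demand\n' > "$dir/strict.conf"
    for f in never allow strict; do
        printf '%-7s TLS_REQCERT=%-6s -> %s\n' "$f" \
            "$(ldap_opt "$dir/$f.conf" TLS_REQCERT)" "$(reqcert_verdict "$dir/$f.conf")"
    done
    rm -rf "$dir"
}

demo
```

A file that has TLS_REQCERT only in a commented-out line is reported as enforced, because the library default then applies.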



