[Samba] Configuration help
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 6 09:09:50 UTC 2019
Hai,
If its really Debian 9, then i dont think, this is not going to work. >> /etc/openldap/ldap.conf
I suggest the following.
apt-get install ca-certificates
mkdir -p /usr/local/share/ca-certificates/samba-ad-dc
ln -s /var/lib/samba/private/tls/cert.pem /usr/local/share/ca-certificates/samba-ad-dc/samba.crt
update-ca-certificates
/etc/ldap/ldap.conf
BASE dc=some,dc=dom,dc=tld
URI ldaps://dc1.some.dom.tld ldaps://dc2.some.dom.tld
TLS_REQCERT allow
# Optional, depending on need add:
#BIND_DN = CN=ldapBindUser,OU=Service-Accounts,DC=some,DC=dom,DC=tld
#BIND_PW = SomePasshere
Something like that.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Guillaume Couvreur via samba
> Verzonden: dinsdag 6 augustus 2019 10:23
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] Configuration help
>
> I can't find /etc/openldap/ldap.conf
>
> Le mar. 6 août 2019 à 10:16, Rowland penny via samba
> <samba at lists.samba.org>
> a écrit :
>
> > On 06/08/2019 08:41, Guillaume Couvreur wrote:
> > > Distro : Debian 9
> > >
> > > log samba and smb as attachments
> >
> > The log just tells me that samba_dnsupdate needs looking at. ;-)
> >
> > Try this:
> >
> > Add to the [global] section of smb.conf:
> >
> > ldap server require strong auth = allow_sasl_over_tls
> >
> > Now modify/create /etc/openldap/ldap.conf
> >
> > Add/change:
> >
> > HOST <YOUR_DCs_FQDN>
> > TLS_CACERT /var/lib/samba/private/tls/cert.pem
> > TLS_REQCERT never
> >
> > Restart Samba and try again.
> >
> > If it still doesn't work, can we see 'log.winbindd'
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
> --
>
> *Guillaume COUVREUR*
> *Chef de projet technique*
> guillaume.couvreur at ntico-operation.com
> 03.66.72.80.79
> 1A, avenue de l'Harmonie
> 59650 VILLENEUVE D'ASCQ
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list