[Samba] Configuration help

L.P.H. van Belle belle at bazuin.nl
Tue Aug 6 10:35:33 UTC 2019


Good its working now, but that confirms that.. 

Or resolving or you certificate setup is not correct because you need this parameter now. 

> > ldap server require strong auth = no  <<  
And that is one you most probely dont to use. 
You "i assume" want to encrypt that traffic. 

Man smb.conf 
Default : ldap server require strong auth = yes
Which points to, use port 636 ( ldaps ) 

Or 
ldap server require strong auth = allow_sasl_over_tls   
( port 389 ) 

And base on the just posted messages, i suggest one of these. 

Server type : - Ms Active Directoy
Connection type : - LDAP+SSL
			( resulting port StartTLS 389 or ldaps : 636 ) 
Authentication type : - Simple

Or 
Server type : - OpenLDAP
Connection type : - Standard LDAP
			- LDAP+SSL
			( resulting port StartTLS 389 or ldaps : 636 ) ) 
Authentication type : - Simple

Then test with :  
( startTls 389)
ldapsearch -x -D "Administrator at ntico.tech" -b "DC=ntico,DC=tech" -s sub \
	-H ldap://$(nslookup 10.20.0.51|grep name|awk {' print $NF '} |head --bytes -2) \
	-w"P4$$w0rd"  

SSL port 636 
ldapsearch -x -D "Administrator at ntico.tech" -b "DC=ntico,DC=tech" -s sub \
	-H ldaps://$(nslookup 10.20.0.51|grep name|awk {' print $NF '} |head --bytes -2) \
	-w"P4$$w0rd"  

This should give back you DC hostname : $(nslookup 10.20.0.51|grep name|awk {' print $NF '} |head --bytes -2) 

Greetz,

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Guillaume Couvreur via samba
> Verzonden: dinsdag 6 augustus 2019 12:10
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] Configuration help
> 
> great it works. You are the boss !
> 
> Le mar. 6 août 2019 à 12:04, Rowland penny via samba 
> <samba at lists.samba.org>
> a écrit :
> 
> > On 06/08/2019 10:53, Guillaume Couvreur wrote:
> > > Server type :
> > > - Ms Active Directoy
> > > - OpenLDAP
> > > - Lotus Domino
> > > - Other
> > OK, change the Server Type to 'Ms Active Directory'
> > >
> > > Connection type :
> > > - Standard LDAP
> > > - LDAP+SSL
> > >
> > > Authentication type :
> > > - Simple
> > > - Anonymous
> >
> > Leave everything else alone.
> >
> > Add this to smb.conf:
> >
> > ldap server require strong auth = no
> >
> > Restart Samba and see if that works.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> -- 
> 
> *Guillaume COUVREUR*
> *Chef de projet technique*
> guillaume.couvreur at ntico-operation.com
> 03.66.72.80.79
> 1A, avenue de l'Harmonie
> 59650 VILLENEUVE D'ASCQ
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list