[Samba] TLS ca/cert/key creation

Rowland Penny rpenny at samba.org
Thu Jan 3 16:23:43 UTC 2019

On Thu, 3 Jan 2019 08:10:30 -0800
Gregory Sloop via samba <samba at lists.samba.org> wrote:

> Really Rowland? 

Yes, really!

> As quoted:
> >> I believe I need to examine TLS since when I set "ldap server
> >> require strong auth = allow_sasl_over_tls" or "ldap server require
> >> strong auth = yes" user and group queries fail.
> This is OBVIOUSLY using LDAP and TLS.

I am not arguing that.

> If this was via NTLM/Kerberos, the above setting wouldn't make the
> slightest difference.

It doesn't

> But all that aside - the key question is: [Again, lets quit arguing
> if this is TLS/LDAP or Kerberos.]
> *** How do I get visability into the TLS negotiation so I can figure
> out what's wrong with my ca/certs/keys.
> -Greg

I will send you some notes I made when testing LDAP searches via
SSL/TLS, perhaps these will help.


More information about the samba mailing list