[Samba] TLS questions
Rowland penny
rpenny at samba.org
Sun Sep 1 19:06:54 UTC 2019
On 01/09/2019 17:29, Rowland penny via samba wrote:
> On 01/09/2019 17:22, Robert Wooden wrote:
>> I am attempting to join a FreeNAS member to the domain. It complained
>> about kerberos and also mentioned SSL so, I digging for answers.
>>
>> By your question, looks to me like kerberos is my main problem and
>> once solved the SSL issue will not matter.
>>
>> (That's where the FreeNAS documents and troubleshooting keep pushing
>> me . . . back to kerberos.)
>
> The problem is (if it is a problem) kerberos == authentication and SSL
> == encryption i.e. they are different things.
>
> Can you post the smb.conf from the freenas machine and the version of
> Samba it uses.
>
> Rowland
>
>
>
Answering myself:
It is Samba 4.9.9 and the smb.conf is full of unnecessary parameters.
It isn't very intuitive to use and if you do not set up the
certificates, you get:
{'desc'}: 'Strong(er) authentication required', 'info': 'BindSimple:
Transport encryption required.'}
I haven't found realmd installed (this doesn't me it isn't, I just
cannot find it), but sssd is, but isn't in use. Because realmd isn't
installed, this must mean that 'net ads join' is being used to join to
the AD domain, so why not use kerberos to do the join ?
I quick read of the Freenas forum finds that they do use 'net ads join'
with kerberos, so why do they need the certificates ? Do you want to ask
them, or shall I ?
Rowland
More information about the samba
mailing list