[Samba] TLS questions

Rowland penny rpenny at samba.org
Sun Sep 1 19:06:54 UTC 2019

On 01/09/2019 17:29, Rowland penny via samba wrote:
> On 01/09/2019 17:22, Robert Wooden wrote:
>> I am attempting to join a FreeNAS member to the domain. It complained 
>> about kerberos and also mentioned SSL so, I digging for answers.
>> By your question, looks to me like kerberos is my main problem and 
>> once solved the SSL issue will not matter.
>> (That's where the FreeNAS documents and troubleshooting keep pushing 
>> me . . . back to kerberos.)
> The problem is (if it is a problem) kerberos == authentication and SSL 
> == encryption i.e. they are different things.
> Can you post the smb.conf from the freenas machine and the version of 
> Samba it uses.
> Rowland
Answering myself:

It is Samba 4.9.9 and the smb.conf is full of unnecessary parameters.

It isn't very intuitive to use and if you do not set up the 
certificates, you get:

{'desc'}: 'Strong(er) authentication required', 'info': 'BindSimple: 
Transport encryption required.'}

I haven't found realmd installed (this doesn't me it isn't, I just 
cannot find it), but sssd is, but isn't in use. Because realmd isn't 
installed, this must mean that 'net ads join' is being used to join to 
the AD domain, so why not use kerberos to do the join ?

I quick read of the Freenas forum finds that they do use 'net ads join' 
with kerberos, so why do they need the certificates ? Do you want to ask 
them, or shall I ?


More information about the samba mailing list