[Samba] LDAP bind to AD fails

Kris Lou klou at themusiclink.net
Wed Sep 18 17:16:31 UTC 2019


More than likely, certificate issues.

If you use the IP in pfsense, then the Samba certificate needs to have the
IP as the CN.

Kris Lou
klou at themusiclink.net


On Wed, Sep 18, 2019 at 9:42 AM Stefan G. Weichinger via samba <
samba at lists.samba.org> wrote:

>
> Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD
>
> worked great already ...
>
> Now without a change I get errors and wonder why.
>
> I used the IP as "host" and TCP-STARTTLS to port 389
>
> log.samba shows:
>
> [2019/09/18 18:38:22.123976,  1]
> ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake)
>   TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been
> received.
> [2019/09/18 18:38:22.124027,  1]
>
> ../source4/ldap_server/ldap_extended.c:89(ldapsrv_starttls_postprocess_done)
>   ldapsrv_starttls_postprocess_done: accept_tls_loop:
> tstream_tls_accept_recv() - 5:Input/output error =>
> NT_STATUS_IO_DEVICE_ERRORstream_terminate_connection: Terminating
> connection - 'ldapsrv_call_postprocess_done: call->postprocess_recv() -
> NT_STATUS_IO_DEVICE_ERROR'
>
> hmmm
>
> unencrypted doesn't work at all ... right?
>
> As it worked already yesterday I assume it does not have to do with some
> certificate issues? AD-CA or so?
>
> We authed with specific bind credentials etc ... and I wonder what to
> look for.
>
> Samba version 4.9.13-Debian, btw
>
> thanks
>
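The point Kris makes above (connecting by IP means the DC certificate has to name that IP, otherwise the client aborts the STARTTLS handshake and Samba logs the fatal alert) can be checked offline before touching pfSense. The following is an added example, not code from this thread or from the Samba project: a small name-matching routine that takes a certificate in the dict layout Python's `ssl.SSLSocket.getpeercert()` returns and reports whether a given bind target (DNS name or IP) is covered by it. The two certificates, their names and the 192.0.2.10 address are constructed for the example; the CN fallback when no SAN of the relevant kind exists is the behaviour the reply relies on, and stricter clients may not apply it.

```python
import ipaddress

# Constructed sample certificates in the dict layout returned by
# ssl.SSLSocket.getpeercert(). Names and addresses are made up for the example.
DC_CERT_DNS_ONLY = {
    "subject": ((("commonName", "dc1.ad.example.internal"),),),
    "subjectAltName": (("DNS", "dc1.ad.example.internal"),),
}

DC_CERT_WITH_IP = {
    "subject": ((("commonName", "dc1.ad.example.internal"),),),
    "subjectAltName": (
        ("DNS", "dc1.ad.example.internal"),
        ("IP Address", "192.0.2.10"),
    ),
}

DC_CERT_WILDCARD = {
    "subject": ((("commonName", "*.ad.example.internal"),),),
    "subjectAltName": (("DNS", "*.ad.example.internal"),),
}


def _common_name(cert):
    """Return the certificate's commonName, or None if it has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _dns_match(pattern, hostname):
    """Case-insensitive DNS name match; '*' covers exactly one leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                       # ".ad.example.internal"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return leftmost != "" and "." not in leftmost


def cert_matches_host(cert, host):
    """Check whether `host` (DNS name or IP literal) is named by `cert`.

    Returns (matched, reason). IP targets are compared against IP SANs,
    DNS targets against DNS SANs. If the certificate carries no SAN of the
    needed kind, the commonName is consulted as a fallback (the legacy
    behaviour some clients still apply; strict clients do not).
    """
    sans = cert.get("subjectAltName", ())
    cn = _common_name(cert)
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None

    if target_ip is not None:
        ip_sans = [v for k, v in sans if k == "IP Address"]
        for v in ip_sans:
            if ipaddress.ip_address(v) == target_ip:
                return True, f"IP SAN {v} matches {host}"
        if not ip_sans and cn is not None:
            try:
                if ipaddress.ip_address(cn) == target_ip:
                    return True, f"no IP SAN; CN {cn} matches {host}"
            except ValueError:
                pass
        return False, f"{host} is not listed as an IP SAN (or CN) of the certificate"

    dns_sans = [v for k, v in sans if k == "DNS"]
    for v in dns_sans:
        if _dns_match(v, host):
            return True, f"DNS SAN {v} matches {host}"
    if not dns_sans and cn is not None and _dns_match(cn, host):
        return True, f"no DNS SAN; CN {cn} matches {host}"
    return False, f"{host} is not listed as a DNS SAN (or CN) of the certificate"


if __name__ == "__main__":
    for cert, label in ((DC_CERT_DNS_ONLY, "DNS-only cert"),
                        (DC_CERT_WITH_IP, "cert with IP SAN")):
        for target in ("192.0.2.10", "dc1.ad.example.internal"):
            ok, why = cert_matches_host(cert, target)
            print(f"{label:18} {target:25} {'OK ' if ok else 'FAIL'}  {why}")
```

Running it shows the failure mode from the thread directly: the DNS-only certificate passes for `dc1.ad.example.internal` but fails for `192.0.2.10`, while the certificate carrying an IP SAN passes for both. In practice the dict comes from `getpeercert()` after the STARTTLS handshake, so the same function can be run against the certificate the DC actually presents.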

