[Samba] LDAP bind to AD fails

Stefan G. Weichinger lists at xunil.at
Wed Sep 18 17:28:43 UTC 2019


On 18.09.19 at 19:16, Kris Lou via samba wrote:
> More than likely, certificate issues.
> 
> If you use the IP in pfsense, then the Samba certificate needs to have the
> IP as the CN.

So you suggest contacting the DC via hostname ...

I googled this query command:

# openssl s_client -connect adc1:636

tells me ...

CONNECTED(00000003)
depth=0 O = Samba Administration, OU = Samba - temporary autogenerated HOST certificate, CN = ADC1.arbeitsgruppe.mydomain.at
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = Samba Administration, OU = Samba - temporary autogenerated HOST certificate, CN = ADC1.arbeitsgruppe.mydomain.at
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=Samba Administration/OU=Samba - temporary autogenerated HOST certificate/CN=ADC1.arbeitsgruppe.mydomain.at
   i:/O=Samba Administration/OU=Samba - temporary autogenerated CA certificate/CN=ADC1.arbeitsgruppe.mydomain.at


So I would have to use "adc1.arbeitsgruppe.mydomain.at"?

But why did that work yesterday ... ?

Aside from this thread, I also posted at the netgate forum:

https://forum.netgate.com/topic/146634/openvpn-auth-via-samba4-ads-ldap

thanks
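Added as an example (not code from the thread or from Samba): the name check a TLS client such as pfSense's LDAP client performs against the certificate Samba presented in the s_client output above. The certificate dicts are constructed in the layout Python's ssl getpeercert() returns; the 192.0.2.10 address in the second one is a hypothetical value. It shows why dialling the DC by IP cannot match a CN-only certificate, and that the hostname match itself is case-insensitive.

```python
import ipaddress

# Constructed to mirror the certificate in the s_client output above, in the
# dict layout ssl.SSLSocket.getpeercert() returns: a CN only, no subjectAltName.
SAMBA_AUTOGEN_CERT = {
    "subject": (
        (("organizationName", "Samba Administration"),),
        (("organizationalUnitName", "Samba - temporary autogenerated HOST certificate"),),
        (("commonName", "ADC1.arbeitsgruppe.mydomain.at"),),
    ),
}

# Constructed: what a replacement certificate needs so clients may connect by
# hostname, short name or address (the address is a hypothetical example).
CERT_WITH_SAN = {
    "subject": ((("commonName", "adc1.arbeitsgruppe.mydomain.at"),),),
    "subjectAltName": (
        ("DNS", "adc1.arbeitsgruppe.mydomain.at"),
        ("DNS", "adc1"),
        ("IP Address", "192.0.2.10"),
    ),
}

def cert_names(cert):
    """Names a client may match: SAN entries, or the CN only as a fallback
    when the certificate carries no SAN at all (RFC 6125 rules)."""
    sans = cert.get("subjectAltName", ())
    dns = [v for kind, v in sans if kind == "DNS"]
    ips = [v for kind, v in sans if kind == "IP Address"]
    if not sans:
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips

def _dns_match(pattern, host):
    """Case-insensitive DNS-ID match, allowing a single leftmost '*' label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return all(pl == "*" and i == 0 or pl == hl for i, (pl, hl) in enumerate(zip(p, h)))

def name_matches(cert, target):
    """True if the name the client dialled (hostname or IP literal) is covered."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return any(_dns_match(d, target) for d in dns)
    # An IP literal is only matched against IP-type SAN entries; modern clients
    # never compare it with a DNS name or with the CN.
    return any(ipaddress.ip_address(i) == addr for i in ips)
```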


