[Samba] Q: Samba AD, Pfsense, Windows 10, vpn

Marco Shmerykowsky marco at sce-engineers.com
Mon Jun 15 16:05:26 UTC 2020


On 3/16/2020 4:29 AM, Stefan G. Weichinger via samba wrote:
> On 16.03.20 at 09:02, Alexander Harm via samba wrote:
>>
>> I only have some experience with OPNsense but maybe you can relate:
>>
>> - In my case it was always the certificate.
>> - I had to add the cert to the system certs using CLI. Adding them in the WebGUI was not enough.
>> - Port 636 did not work for me, only 389 using STARTTLS
>>
>> Hope that helps...
> 
> Ah, yes, thanks.
> 
> I agree, the cert-issues are the main spot to check.
> 
> In the meantime I fixed it (for now) setting
> 
> ldap server require strong auth = No
> 
> on the DC and using the IP and "TCP - Standard" on pfsense.
> 
> Not as secure as possible, but works for now.
> 
> -
> 
> Dunno about opnsense but in pfsense I am irritated by the fact that 2
> instances of the same release show different dropdown-menus for
> "Authentication Servers" (even after saving etc)
> 
> There is a "Peer Certificate Authority" and a "Client Certificate".
> 
> On a pfsense where things work I back then imported the
> "/var/lib/samba/private/tls/ca.pem" of my samba-dcs into "Certificate
> Manager /CAs" on the pfsense.
> 
> And chose that in the dropdown for "Peer Certificate Authority".
> 
> No "Client Certificate" there.
> 
> OK, a bit off-topic or "cross-topic" in this ML ;-)
> 

Is there some sort of FAQ or Checklist (for a newbie) that
is Samba4 specific beyond the information that is available
via OpenVPN or PfSense sources?

It seems that it gets murky at the authentication server (LDAP?)
and what to do with the various certificates.

Thanks.
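
Added example, not part of the thread and not Samba project code: a small Python check that reads the [global] section of an smb.conf and reports how `ldap server require strong auth` is set, since the workaround quoted above switches it off on the DC. The two sample configurations are constructed, the function names are hypothetical, and the parser does not follow `include` lines or backslash line continuations.

```python
import re

# Constructed smb.conf samples (not taken from the systems in the thread).
WEAK_CONF = """
[global]
    server role = active directory domain controller
    LDAP Server Require Strong Auth = No
[sysvol]
    path = /var/lib/samba/sysvol
"""
DEFAULT_CONF = """
[global]
    server role = active directory domain controller
"""

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)   # only the first '=' is significant
            # smb.conf ignores case and whitespace inside parameter names
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit_ldap_bind_policy(text):
    """Classify the setting; an unset parameter means the default, yes."""
    value = parse_global(text).get("ldapserverrequirestrongauth", "yes").lower()
    if value in ("no", "false", "0"):
        return "weak: simple and SASL binds accepted on unencrypted LDAP"
    if value == "allow_sasl_over_tls":
        return "relaxed: unsigned SASL binds accepted, but only inside TLS"
    if value in ("yes", "true", "1"):
        return "strong: simple binds only over TLS; plain LDAP needs SASL sign or seal"
    return "unknown value: " + value

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("default", DEFAULT_CONF)):
        print(name, "->", audit_ldap_bind_policy(conf))
```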


