[Samba] Q: Samba AD, Pfsense, Windows 10, vpn
Stefan G. Weichinger
lists at xunil.at
Mon Mar 16 08:29:38 UTC 2020
On 16.03.20 at 09:02, Alexander Harm via samba wrote:
> I only have some experience with OPNsense but maybe you can relate:
> - In my case it was always the certificate.
> - I had to add the cert to the system certs using CLI. Adding them in the WebGUI was not enough.
> - Port 636 did not work for me, only 389 using STARTTLS
> Hope that helps...
Ah, yes, thanks.
I agree, the cert-issues are the main spot to check.
In the meantime I fixed it (for now) setting
ldap server require strong auth = No
on the DC and using the IP and "TCP - Standard" on pfsense.
Not as secure as possible, but works for now.
Dunno about opnsense but in pfsense I am irritated by the fact that 2
instances of the same release show different dropdown-menus for
"Authentication Servers" (even after saving etc.).
There is a "Peer Certificate Authority" and a "Client Certificate".
On a pfsense where things work I back then imported the
"/var/lib/samba/private/tls/ca.pem" of my samba-dcs into "Certificate
Manager /CAs" on the pfsense.
And chose that in the dropdown for "Peer Certificate Authority".
No "Client Certificate" there.
OK, a bit off-topic or "cross-topic" in this ML ;-)
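
Added example, not part of the original post and not Samba project code: a small Python audit that reads smb.conf text and reports whether the "ldap server require strong auth" workaround from this thread is still in place on a DC. The function names and the sample configuration are constructed for illustration; the option values and the default of "yes" follow the smb.conf manual page.

```python
# Added example: audit smb.conf text for the LDAP bind policy discussed
# in the thread. SAMPLE_CONF is constructed, not taken from a real DC.
import re

SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LAN
    server role = active directory domain controller
    # temporary workaround, as in the thread:
    LDAP Server Require Strong Auth = No
    tls enabled = yes
    tls cafile = tls/ca.pem
"""

def _norm(name):
    # Samba ignores case and whitespace inside parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return {normalized_name: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def audit_ldap(text):
    """Classify the LDAP bind policy as 'ok', 'partial' or 'weak'."""
    params = global_params(text)
    # When the option is absent, Samba's default is "yes".
    strong = params.get("ldapserverrequirestrongauth", "yes").lower()
    if strong in ("no", "false", "0"):
        return "weak"     # simple and SASL binds allowed on all transports
    if strong == "allow_sasl_over_tls":
        return "partial"  # unsigned binds allowed, but only inside TLS
    return "ok"           # simple binds only over TLS

if __name__ == "__main__":
    print(audit_ldap(SAMPLE_CONF))
```

On a DC, the effective value can be cross-checked with testparm; a result of "weak" means the firewall's bind password crosses the network in cleartext when it uses plain TCP on port 389.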