[Samba] Q: Samba AD, Pfsense, Windows 10, vpn

[Stefan G. Weichinger]

Am 16.03.20 um 09:02 schrieb Alexander Harm via samba:
> 
> I only have some experience with OPNsense but maybe you can relate:
> 
> - In my case it was always the certificate. 
> - I had to add the cert to the system certs using CLI. Adding them in the WebGUI was not enough.
> - Port 636 did not work for me, only 389 using STARTTLS
> 
> Hope that helps...

Ah, yes, thanks.

I agree, the cert-issues are the main spot to check.

In the meantime I fixed it (for now) setting

ldap server require strong auth = No

on the DC and using the IP and "TCP - Standard" on pfsense.

Not as secure as possible, but works for now.

-

Dunno about opnsense but in pfsense I am irritated by the fact that 2
instances of the same release show different dropdown-menus for
"Authentication Servers" (even after saving etc)

There is a "Peer Certificate Authority" and a "Client Certificate".

On a pfsense where things work I back then imported the
"/var/lib/samba/private/tls/ca.pem" of my samba-dcs into "Certificate
Manager /CAs" on the pfsense.

And chose that in the dropdown for "Peer Certificate Authority".

No "Client Certificate" there.

OK, a bit off-topic or "cross-topic" in this ML ;-)