[Samba] How to configure samba domain member to use LDAPS instead of LDAP

Andrea Cucciarre' acucciarre at cloudian.com
Mon Nov 9 13:28:19 UTC 2020


My customer complains that on the AD DC they see the following insecure 
communication coming from the Samba server (DC member):

"The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection."

So Samba does an insecure LDAP bind and they are asking how to change Samba so that it does it in a secure way.
Any tuning or suggestion to achieve it?

Thanks
Andrea


On 11/9/2020 1:03 PM, Rowland penny via samba wrote:
> On 09/11/2020 11:45, Andrea Cucciarre' via samba wrote:
>>
>> Is there any documented procedure to configure a Samba domain member 
>> (AD Windows domain) to use LDAPS instead of LDAP?
> The only documentation I know of is here:
>
> https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC 
>
>
> But it is meant for a DC.
>
> Are you talking about using LDAPS with LDAP searches? If so, then 
> don't; use Kerberos instead, it is even more secure.
>
> Rowland
>
>
>



