[Samba] How to configure samba domain member to use LDAPS instead of LDAP
acucciarre at cloudian.com
Mon Nov 9 13:48:02 UTC 2020
I have found out the smb.conf options: ldap ssl, ldap ssl ads.
Moreover it seems the samba I'm using is not compiled with the SSL option:
/opt/samba/sbin/smbd -b | grep -i with
Do you believe that using a Samba compiled with SSL will address it?
Global Technical Support Manager
On 11/9/2020 2:28 PM, Andrea Cucciarre' wrote:
> My customer complains that in the AD DC they see the following insecure
> communication coming from the Samba server (DC member):
> "The following client performed a SASL
> (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing
> (integrity verification), or performed a simple bind over a cleartext
> (non-SSL/TLS-encrypted) LDAP connection."
> So Samba does an insecure LDAP bind and they are asking how to change
> Samba so that it does it in a secure way.
> Any tuning or suggestion to achieve it?
> On 11/9/2020 1:03 PM, Rowland penny via samba wrote:
>> On 09/11/2020 11:45, Andrea Cucciarre' via samba wrote:
>>> is there any documented procedure to configure a samba domain member
>>> (AD windows domain) to use LDAPS instead of LDAP
>> The only documentation I know of is here:
>> But it is meant for a DC.
>> Are you talking about using ldaps with ldap searches? If so, then
>> don't; use Kerberos instead, it is even more secure.