[Samba] LDAPS & Windows Domain Controller

Zebrose, Cordell zebrose at amazon.com
Thu Oct 29 22:15:57 UTC 2020

I have a Samba file server attempting to join an Active Directory domain using "$net ads join". The Domain Controller is running Windows Server 2019. I'd like to force samba to use port 636 (LDAPS) when making the LDAP connection. I've tried several settings in the smb.conf file, but when I check the LDAP packets, samba is still using port 389. The join domain call is successful, it's just using the wrong port. I've tried:

-          "ldap ssl ads = yes"

-          "client ldap sasl wrapping = seal"

-          "ldap ssl = no"

-          Setting the URI in the ldap.conf file with "URI      ldaps://test.domain.com"

-          Passing the domain controller ip address with ":636" to try an force port 636

I've looked through the LDAPS documentation on samba.org<http://samba.org/> but it's usually referencing using the Samba server as a Domain Controller, not as a Domain Member. Most of the related questions that I've found refer to using Samba as the AD DC and they usually involve messing around with the tls* attributes and/or having more changes in the ldap.conf. I'm not sure how much of that is required when Samba is a Domain Member.

I'm just trying to understand what parameters are important when attempting to have samba join a domain using LDAPS. It's also very likely that the issue is related to my Domain Controllers, I've only verified that they are accepting connections on port 636 using the LDP.exe tool. see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771022(v=ws.11)


More information about the samba mailing list