[Samba] OpenVPN authentication via Samba AD

Stefan G. Weichinger lists at xunil.at
Wed Sep 2 12:12:42 UTC 2020

On 01.09.20 at 23:45, Marco J Shmerykowsky PE via samba wrote:
> Yes, went thru that page a few times and don't see an obvious error.
> If I leave require strong auth as the default, then nothing works. Setting it to no allows diagnostics->authentication to return a positive result.
> That is also the configuration that would succeed in querying the containers.
> Without the 'no' setting it fails to bind.
> What am I missing?

Here is a working snippet from a pfsense-2.4.5p1, anonymized.

This is the authserver block out of the backup XML; of course you have to
adapt it to your domain's DNs etc.:

			<ldap_urltype>SSL - Encrypted</ldap_urltype>

- on the queried AD DC "adc2" I have:

ldap server require strong auth = Yes



You write:

> I'm getting TLS handshake failed on the remote client, so I'm still
> doing something wrong.....

To me that sounds as if your OpenVPN client fails? That wouldn't be
samba- or AD-related anymore, I think.
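
Added example, not part of the original message and not pfSense or Samba code: a small offline check that pairs the DC's `ldap server require strong auth` setting with each pfSense authserver's `ldap_urltype` and reports whether an LDAP simple bind would be accepted, refused, or sent in cleartext. The server names, the "TCP - Standard" value and the sample files are constructed, and the check assumes the client performs a simple bind.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the thread): a DC's smb.conf and two pfSense
# <authserver> blocks reduced to the two fields this check reads.
SMB_CONF = """\
[global]
    ldap server require strong auth = Yes
"""
AUTHSERVERS = """\
<system>
  <authserver><name>adc-plain</name><ldap_urltype>TCP - Standard</ldap_urltype></authserver>
  <authserver><name>adc-ssl</name><ldap_urltype>SSL - Encrypted</ldap_urltype></authserver>
</system>
"""

def strong_auth(smb_conf):
    """Return 'yes', 'no' or 'allow_sasl_over_tls' from [global]; Samba defaults to yes."""
    value, section = "yes", None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[] ").lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # smb.conf parameter names ignore case and spacing
            if "".join(key.split()).lower() == "ldapserverrequirestrongauth":
                value = val.strip().lower()
    return {"true": "yes", "1": "yes", "false": "no", "0": "no"}.get(value, value)

def check(smb_conf, authservers_xml):
    """Map each authserver name to 'ok', 'bind rejected' or 'cleartext bind'."""
    mode = strong_auth(smb_conf)
    result = {}
    for srv in ET.fromstring(authservers_xml).iter("authserver"):
        urltype = (srv.findtext("ldap_urltype") or "").upper()
        # Assumption: a urltype naming SSL or STARTTLS means a TLS-protected session.
        encrypted = "SSL" in urltype or "STARTTLS" in urltype
        if encrypted:
            result[srv.findtext("name")] = "ok"
        else:
            # "no" accepts the bind with the password unprotected; otherwise the DC refuses it.
            result[srv.findtext("name")] = "cleartext bind" if mode == "no" else "bind rejected"
    return result

if __name__ == "__main__":
    print(check(SMB_CONF, AUTHSERVERS))
```

A "cleartext bind" result is the case where setting the option to `no` makes the bind succeed only because the DC stopped requiring protection for the bind password.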
