[Samba] Samba 4.19.2: "Unwilling to perform" password change

Michael Tokarev mjt at tls.msk.ru
Mon Dec 18 07:21:22 UTC 2023


18.12.2023 04:01, Andrew Bartlett via samba wrote:
..
> We did this to avoid exposure of the new passwords over LDAP.  We
> perhaps should have allowed for the equally insecure "ldap server
> require strong auth = no" but honestly I would prefer folks didn't do
> that either.

Yesterday I had to add "ldap server require strong auth = no" on our
Samba AD-DC in order to avoid messing with proper certificates --
starting at the domain-level certificate authority and up to importing
this cert to all Java applications and other contexts which will connect
to LDAP.

Unfortunately there's no good solution for this on Linux.  Starting
with the absolutely abnormal interface of openssl (and the lack of working
alternatives)...

/mjt


