[Samba] winbindd with LDAPS
Rowland Penny
rpenny at samba.org
Wed Mar 8 13:49:12 UTC 2023
On 08/03/2023 12:58, jose.celestino--- via samba wrote:
> Hi,
>
> We have a samba installation (4.17.5) where a winbindd is part of an
> AD domain and used to authenticate radius (radiator) logins.
>
> The thing is, the AD administration is closing port 386 on the
> password server and only allowing requests on 636 (ldaps).
>
> I don't seem to be able to change the winbindd to use the ldaps port. Tried
>
> ldap ssl = start tls
> ldap ssl ads = yes
> tls enabled = yes
>
> but both the net join and the ntlm_auth go to port 386 and will cease
> to work as soon as that is disabled.
>
> Winbindd only works on 389 or am I missing something?
>
> Thank you.
>
If I remember correctly (and someone will surely put me right if I don't
remember correctly), winbind doesn't use ldap, it uses RPC.
Unless you are using an old NT4-style domain based on ldap, you probably
will not notice any difference.
The other thing is, I thought that a lot of the ldap calls on AD start
off on port 389 and get 'ported' to 636.
Rowland