[Samba] Setup LDAPS or other solution for ldap

[matti.kaupenjohann]

Hi,

after successful setting up my test domain I wanted to step forward and 
wanted to check for users on my testserver in the domain. At the moment 
the server is also a domain member and authentication on the system 
works fine. Now I wanted to check for the domain via ldap with:

```
ldapsearch -x -b "dc=testdomain,dc=lan" -H ldap://10.99.0.2 -D 
"cn=Administrator,dc=testdomain,dc=lan" -W
```

I got the the password prompt, but it failed with:

```
ldap_bind: Strong(er) authentication required (8) additional info: 
BindSimple: Transport encryption required.
```

Ok I do understand the issue and wanted to test again with LDAPS, so 
followed the introduction for an untrusted self-signed certificate. 
After restarting the samba service I noticed that something went wrong. 
After analyzing I figured out, that ubuntu uses /var/lib/samba instead 
of /usr/local/samba.

Switching kind of worked and the samba service launched again 
successful. But instead of getting the "OK" after issueing the verify 
command I got an:

```
error /var/lib/samba/private/tls/testdomain.lan-ldaps-cert.pem: 
verification failed
```

I tested on the client and the remote verification looked fine. So I 
updated my ldapsearch command to:

```
ldapsearch -x -b "dc=testdomain,dc=lan" -H ldaps://dc01.testdomain.lan 
-D "cn=Administrator,dc=testdomain,dc=lan" -W
```

which resulted in

```
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
```

Is the attempt about SIMPLE bind correct or should I approach this 
differntly?

-- 

Best Regards

Matti Kaupenjohann

Fachhochschule Dortmund
University of Applied Sciences and Arts

*Kaupenjohann, Matti*
FB Informationstechnik,

Sonnenstraße 96 - 44139 Dortmund
Raum SON-A A615
Tel     0231 9112 9371
matti.kaupenjohann at fh-dortmund.de
www.fh-dortmund.de

Think before you print!