[Samba] Setup LDAPS or other solution for ldap
matti.kaupenjohann
matti.kaupenjohann at fh-dortmund.de
Mon May 8 16:27:14 UTC 2023
Hi,
after successfully setting up my test domain I wanted to step forward and
check for users on my test server in the domain. At the moment
the server is also a domain member and authentication on the system
works fine. Now I wanted to check for the domain via LDAP with:
```
ldapsearch -x -b "dc=testdomain,dc=lan" -H ldap://10.99.0.2 \
  -D "cn=Administrator,dc=testdomain,dc=lan" -W
```
I got the password prompt, but it failed with:
```
ldap_bind: Strong(er) authentication required (8)
	additional info: BindSimple: Transport encryption required.
```
OK, I do understand the issue and wanted to test again with LDAPS, so I
followed the introduction for an untrusted self-signed certificate.
After restarting the samba service I noticed that something went wrong.
After analyzing I figured out that Ubuntu uses /var/lib/samba instead
of /usr/local/samba.
Switching kind of worked and the samba service launched again
successfully. But instead of getting the "OK" after issuing the verify
command I got an:
```
error /var/lib/samba/private/tls/testdomain.lan-ldaps-cert.pem: verification failed
```
I tested on the client and the remote verification looked fine. So I
updated my ldapsearch command to:
```
ldapsearch -x -b "dc=testdomain,dc=lan" -H ldaps://dc01.testdomain.lan \
  -D "cn=Administrator,dc=testdomain,dc=lan" -W
```
which resulted in
```
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
```
Is the attempt about SIMPLE bind correct or should I approach this
differently?
--
Best Regards
Matti Kaupenjohann
Fachhochschule Dortmund
University of Applied Sciences and Arts
*Kaupenjohann, Matti*
FB Informationstechnik,
Sonnenstraße 96 - 44139 Dortmund
Raum SON-A A615
Tel 0231 9112 9371
matti.kaupenjohann at fh-dortmund.de
www.fh-dortmund.de
Think before you print!