[Samba] Setup LDAPS or other solution for ldap

Andrew Bartlett abartlet at samba.org
Thu May 11 05:51:21 UTC 2023


On Wed, 2023-05-10 at 17:20 +0100, Rowland Penny via samba wrote:
> The problem with ldaps is that it doesn't really work on Samba AD
> and Kerberos is more secure.

I would not be so sweeping in that statement.  ldaps:// connections
(LDAP over TLS) and LDAP + StartTLS are well supported in Samba, but
the administrator should replace our self-signed certificate with a
real one.

It will work fine for a simple bind, and many, many sites deploy this
for 'ldap authentication' of web applications etc, but you should not
mix LDAPS and Kerberos, because the encryption layers are not
connected.

I would not, however, try to mimic a domain-joined client, Linux login,
etc. with this (as one might have long ago with an OpenLDAP server);
just join with Samba or sssd, where it all 'just works'.

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions
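The advice above ("replace our self-signed certificate with a real one", simple binds over ldaps:// only) maps onto a handful of smb.conf parameters on the AD DC. The fragment below is an added example, not configuration from the original post or from the Samba project; the hostname, domain and file names under the private directory's tls/ subdirectory are assumptions to be replaced with the key and certificate issued by your own CA.

```ini
[global]
        ; other AD DC settings stay as they are

        ; Serve LDAP over TLS on ldaps:// (636) and StartTLS on ldap:// (389).
        tls enabled = yes

        ; Paths are relative to the Samba private directory. These names are
        ; assumptions: point them at the key/cert issued by your CA instead of
        ; the self-signed pair Samba generated at provision time.
        tls keyfile = tls/dc1.example.com.key.pem
        tls certfile = tls/dc1.example.com.cert.pem
        ; CA chain presented to clients, so that clients verifying the chain
        ; against the same CA bundle accept the connection.
        tls cafile = tls/ca-chain.pem

        ; Default on recent Samba DCs: reject simple binds that are not
        ; protected by TLS, so application passwords never cross the wire
        ; in the clear on plain ldap://.
        ldap server require strong auth = yes
```

After restarting the DC, check the result from a client with the CA bundle pinned, e.g. `LDAPTLS_CACERT=/etc/ssl/certs/ca-chain.pem ldapsearch -H ldaps://dc1.example.com -x -D 'svc-web@example.com' -W -b 'DC=example,DC=com' '(objectClass=domain)'`. The bind should succeed only when the chain verifies; a TLS error here is the expected outcome for a certificate the client does not trust, and it is what tells you the client is really checking rather than silently accepting any certificate. Keep the two mechanisms separate as the post suggests: a simple bind (`-x`) over ldaps:// for web applications, or Kerberos (`-Y GSSAPI`) over ldap:// for joined clients, not a Kerberos bind layered on top of LDAPS.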
