[Samba] Security Implications of "ldap server require strong auth"?

Christian Naumer christian.naumer at greyfish.net
Tue May 28 05:36:13 UTC 2024


Hi Thomas,
you can get Nextcloud to work without that parameter set. Either you 
need to configure your host to accept the ldaps certificate or to not 
check the cert if it is not signed by a public authority.
A Google search with Nextcloud and ldaps and Active Directory should help.

Regards

Christian

On 27.05.24 at 15:57, Bestattungen Vitt - Thomas Reitelbach via 
samba wrote:
> Hello Samba Team,
> 
> I hope someone with more expertise than me can enlighten me to the 
> following "problem":
> 
> I'm on my way to implement Nextcloud LDAP Authentication against my 
> existing Samba Active Directory via the LDAP Auth Plugin in Nextcloud. I 
> have had trouble with the configuration of the Auth-Plugin in Nextcloud 
> because it could not bind to the ldap directory.
> After some investigation I learned that the nextcloud ldap auth plugin 
> does not support "strong authentication", which seems to be enforced by 
> samba by default.
> Further investigation led me to the solution to use the [global] option 
> "ldap server require strong auth = no" in smb.conf. With this option 
> set, the ldap plugin is working and my Domain users can authenticate to 
> nextcloud with their Domain account.
> 
> But before I implement this in my production system I need to know the 
> security implications of this samba parameter. I must admit that I don't 
> really understand the risk for a real-life scenario. Also, I'm not very 
> experienced with ldap, so please, can you help me a bit?
> 
> Samba: 4.17.12-Debian (stock debian version)
> Nextcloud Hub 8 (29.0.0.1)
> 
> Cheers
> Thomas Reitelbach
> 
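
Added example, not part of either message and not Samba's own code: a small Python model of which LDAP binds the server accepts under each value of "ldap server require strong auth", showing why a simple bind works over ldaps with the default but needs "no" over plain ldap. The value semantics follow the parameter's description in smb.conf(5), which is an assumption here since the thread does not spell them out; the function names and sample configs are constructed for illustration.

```python
"""Added example: how 'ldap server require strong auth' gates LDAP binds."""
import re

# Values and their meaning follow smb.conf(5); assumption, not stated in the thread.
VALUES = {"no", "allow_sasl_over_tls", "yes"}
PARAM = "ldapserverrequirestrongauth"   # Samba ignores case and spaces in names


def effective_setting(smb_conf_text):
    """Return the [global] value of the parameter, or the default 'yes'."""
    section, value = None, "yes"
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, _, val = line.partition("=")
            if re.sub(r"\s+", "", name).lower() == PARAM:
                val = val.strip().lower()
                value = val if val in VALUES else "invalid"
    return value


def bind_accepted(setting, tls, bind, sasl_sign_or_seal=False):
    """Would the LDAP server accept this bind? bind is 'simple' or 'sasl'."""
    if setting == "no":
        return True                      # any bind, on any transport
    if not tls:                          # unencrypted ldap://
        return bind == "sasl" and sasl_sign_or_seal
    if setting == "allow_sasl_over_tls":
        return True                      # simple and SASL both fine inside TLS
    return bind == "simple"              # 'yes' (or unknown): simple binds only


# Constructed sample configs; the workgroup name is a placeholder.
WEAK = "[global]\n  workgroup = EXAMPLE\n  ldap server require strong auth = no\n"
DEFAULT = "[global]\n  workgroup = EXAMPLE\n  ; parameter not set\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("default", DEFAULT)):
        s = effective_setting(conf)
        for tls in (False, True):
            print(label, s, "ldaps" if tls else "ldap",
                  "simple bind accepted:", bind_accepted(s, tls, "simple"))
```

With the default left in place, the only combination a password-based (simple) bind can use is a TLS-protected connection, which is the ldaps route described in the reply above.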



