
[Samba] Allow unencrypted TLS LDAP query


Ricardo Pardim Claus via samba

Aug 18, 2016, 4:30:03 PM


Dear
Is it possible to configure Samba 4.4.5 to accept queries that do not use TLS?
I'm having trouble authenticating the Proxy / SquidGuard in AD Samba 4.4.5.

I get this error:

(squidGuard): ldap_simple_bind_s failed: Strong(er) authentication required

I read the Samba wiki; the new versions are working with TLS-encrypted connections for authentication.
Is it possible to configure Samba to go back to receiving authentication in normal mode?

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Marc Muehlfeld via samba

Aug 18, 2016, 5:00:04 PM
Hello Ricardo,

On 18.08.2016 at 22:17, Ricardo Pardim Claus via samba wrote:
> Is it possible to configure Samba 4.4.5 to accept queries that do not use TLS?
> I'm having trouble authenticating the Proxy / SquidGuard in AD Samba 4.4.5.
>
> I get this error:
>
> (squidGuard): ldap_simple_bind_s failed: Strong(er) authentication required
>
> I read the Samba wiki; the new versions are working with TLS-encrypted connections for authentication.
> Is it possible to configure Samba to go back to receiving authentication in normal mode?


https://wiki.samba.org/index.php/Updating_Samba#Default_for_LDAP_Connections_Requires_Strong_Authentication_.28updating_from_.3C.3D4.4.0.2C_.3C.3D4.3.6_or_.3C.3D4.2.9.29

Why don't you configure your proxy / SquidGuard to establish an
encrypted connection instead?


Regards,
Marc

Dewayne Geraghty via samba

Aug 18, 2016, 11:00:03 PM
On 19 August 2016 at 06:48, Marc Muehlfeld via samba <sa...@lists.samba.org>
wrote:
Marc,

We're in a similar place. Is there really any value having samba and squid
use TLS when they're on the same box (which in our case is accessed via
openvpn)?

Regards, Dewayne

L.P.H. van Belle via samba

Aug 19, 2016, 3:10:03 AM
Or better, drop the LDAP auth and go use Kerberos auth, faster and more secure by default.

If you want to know the config, just ask me. I'm running that.
Samba 4.4.5 AD, squid 3.5.19 + squidclamav-icap
With Kerberos auth, fallback to NTLM auth, fallback to ldap(s)
And a tip ahead: squid 3.5.20+ supports ldaps groups filters.
Only for squidguard I don't know if it supports ldaps.


Greetz,

Louis


> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Marc Muehlfeld
> via samba
> Sent: Thursday 18 August 2016 22:48
> To: Ricardo Pardim Claus; sa...@lists.samba.org
> Subject: Re: [Samba] Allow unencrypted TLS LDAP query

Ricardo Pardim Claus via samba

Aug 19, 2016, 9:50:04 AM
Dear Marc,
While I cannot create a TLS-encrypted connection between SquidGuard and Samba4, I opted to disable encryption on Samba.
I added these options in the [global] section of smb.conf:


client ldap sasl wrapping = sign
ldap server require strong auth = no

Thanks for the support.
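
An audit check for the setting this thread ends on, as an added example that is not part of any post or of Samba itself: it reads the [global] section of an smb.conf and classifies `ldap server require strong auth`. The function names and the sample file are hypothetical; the three values and the default of `yes` when the parameter is unset are taken from smb.conf(5) as an assumption about the installed version.

```python
import re

# Documented values of "ldap server require strong auth" (smb.conf(5)).
STRONG_AUTH = {
    "yes": "ok: simple binds only over TLS; cleartext needs SASL sign or seal",
    "allow_sasl_over_tls": "review: SASL binds without sign/seal accepted over TLS",
    "no": "weak: simple and SASL binds accepted on all transports, cleartext included",
}

# Constructed sample: the two options from the last post plus a placeholder workgroup.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    client ldap sasl wrapping = sign
    ldap server require strong auth = no
"""

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Return {normalized name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
    return params

def audit_strong_auth(text):
    """Classify the LDAP bind policy; an unset parameter is treated as 'yes'."""
    value = global_params(text).get("ldapserverrequirestrongauth", "yes").lower()
    return value, STRONG_AUTH.get(value, "unknown value: check with testparm")

if __name__ == "__main__":
    print(audit_strong_auth(SAMPLE))
```

A result of `no` means clients such as the proxy above can send bind passwords over port 389 unencrypted, so it is worth flagging in configuration reviews.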