Web lists-archives.com

Re: [Samba] TLS ca/cert/key creation

On Thu, 3 Jan 2019 08:10:30 -0800
Gregory Sloop via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Really Rowland? 

Yes, really!

> As quoted:
> >> I believe I need to examine TLS since when I set "ldap server
> >> require strong auth = allow_sasl_over_tls" or "ldap server require
> >> strong auth = yes" user and group queries fail.
> This is OBVIOUSLY using LDAP and TLS.

I am not arguing that.

> If this was via NTLM/Kerberos, the above setting wouldn't make the
> slightest difference.

It doesn't

> But all that aside - the key question is: [Again, lets quit arguing
> if this is TLS/LDAP or Kerberos.]
> *** How do I get visability into the TLS negotiation so I can figure
> out what's wrong with my ca/certs/keys.
> -Greg

I will send you some notes I made when testing LDAP searches via
SSL/TLS, perhaps these will help.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba