To be able to use LDAPS, your client machine (PVE) must trust the server's certificate. Sign the LDAP server's SSL certificate with some CA (a private CA is OK), place that CA certificate in /usr/local/share/ca-certificates in PEM format with a .crt extension on PVE, and run `update-ca-certificates` to make the system trust it.

21.05.2018 16:03, Marco Gaiarin wrote:
I've tried to set up my AD domain (with samba!) as an authentication
source.

It works, but I was not able to set up SSL, and I was forced to disable
'sign or seal' in the samba conf, e.g.:

        ldap server require strong auth = no

In 'Authentication' I've put:

  Realm: LNFFVG
  Domain: AD.FVG.LNF.IT
  Server: <my server>
  Fallback Server: <another server>
  Port: empty
  SSL: is not editable
  TFA: empty/none

If I (un)set Port:, e.g. keep the default, AND I put 'ldap server require strong auth = no' in smb.conf, auth works.

If I set Port: 636, it does not work.


Does someone have some hint?! Thanks.
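
The trust setup described in the reply at the top of this thread, as an added example that is not part of the original messages: it checks that the file is a PEM CA certificate, installs it with a .crt name, rebuilds the trust store, and confirms that the LDAPS server on port 636 verifies before the port is set in PVE. The function names, the CA file name and the host name argument are assumptions; `/etc/ssl/certs/ca-certificates.crt` is the Debian bundle that `update-ca-certificates` regenerates.

```shell
#!/bin/sh
# Added example: install a private CA on a PVE node and verify LDAPS trust.
# File names and the host name passed in are placeholders (assumptions).

CA_DIR=/usr/local/share/ca-certificates      # directory named in the reply
BUNDLE=/etc/ssl/certs/ca-certificates.crt    # Debian bundle rebuilt by update-ca-certificates

# Destination path: update-ca-certificates only picks up files ending in .crt.
ca_dest_name() {
    base=$(basename "$1")
    printf '%s/%s.crt\n' "$CA_DIR" "${base%.*}"
}

# Succeeds only if the file is a PEM certificate marked as a CA.
is_pem_ca_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || return 1
    openssl x509 -in "$1" -inform PEM -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeeds only if the server's chain and host name verify against the bundle.
ldaps_chain_ok() {
    openssl s_client -connect "$1:636" -CAfile "$BUNDLE" \
        -verify_return_error -verify_hostname "$1" </dev/null >/dev/null 2>&1
}

install_ldaps_ca() {   # usage: install_ldaps_ca <ca.pem> <ldap-host>
    is_pem_ca_cert "$1" || { echo "not a PEM CA certificate: $1" >&2; return 1; }
    dest=$(ca_dest_name "$1")
    install -m 0644 "$1" "$dest" && update-ca-certificates || return 1
    if ldaps_chain_ok "$2"; then
        echo "LDAPS certificate for $2 verifies; port 636 can be used"
    else
        echo "verification failed for $2:636 (wrong CA, or name not in the certificate)" >&2
        return 1
    fi
}

# Run as root on the PVE node: ./script.sh <ca.pem> <ldap-host>
if [ "$#" -eq 2 ]; then install_ldaps_ca "$1" "$2"; fi
```

The host name passed in must match a name in the server certificate, so use the same name that is entered in the PVE "Server" field.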

