Hello from Germany, I have a problem with the following constellation:
A Samba file server - Samba 3.5.6 - running in a Windows AD as a member server using idmap_ad for mapping the user IDs. This all works fine as long as the LDAP port 389 is available on the domain controllers. Now, our AD admin wants to close this and move over to LDAPS. And here is my problem: how do I configure my Samba server - or rather, winbindd - so it only communicates on port 636? I think I tried all combinations available in the manuals, but it still uses port 389 (e.g. ldap ssl = start tls + ldap ssl ad = yes, winbind rpc only = Yes, name resolve order = host). The idmap backend should stay on "ad" for the ADS, and we do not want to change it to ldap.

What we discovered is this:

- In the gencache it always has the NBT/<DOMAIN>#1C entry for the DCs with port 389.
- We changed the SRV entries for _ldap._tcp.dc._msdcs.<domain> so they return port 636 - no difference regarding the entry in the gencache.
- As soon as I close outgoing communication on port 389 using iptables, the gencache entry changes to port 636 - but winbindd is unable to open any network connection.

So, obviously winbindd needs some initial communication on port 389 when connecting to AD - which it shouldn't. Any ideas welcome.

Greetings

Andreas Ollenburg
Kommunales Rechenzentrum Minden-Ravensberg / Lippe
Tel.: 05261 / 252-108
Fax: 05261 / 932-108
E-Mail: [email protected]
http://www.krz.de

Always up to date? Subscribe to the update newsletter here! <https://www.db.krz.de/bestellung%5Fupdateletter/>

* Please check whether this e-mail really needs to be printed!
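A host-side check that goes with the observations above, added here as an example and not part of the original post or of Samba: after moving a member server to LDAPS, the quickest way to confirm that winbindd has really stopped talking plaintext LDAP is to look at its established TCP sessions. The script parses `ss -tnp` output and reports every connection from winbindd to a plaintext LDAP port (389, or 3268 for the Global Catalog) next to those on the TLS ports (636/3269). The embedded `ss` rows, the IP addresses and the PIDs are constructed for the example; when run directly it executes the real `ss -tnp` if the command is available and otherwise falls back to the sample.

```python
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# Constructed sample of `ss -tnp` output (hosts, ports and PIDs are made up
# for this example; they are not from the original post).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.1.2.50:41234     10.1.2.10:389      users:(("winbindd",pid=1234,fd=20))
ESTAB  0      0      10.1.2.50:41240     10.1.2.10:636      users:(("winbindd",pid=1234,fd=21))
ESTAB  0      0      10.1.2.50:41250     10.1.2.11:445      users:(("winbindd",pid=1235,fd=22))
ESTAB  0      0      [fd00::50]:52000    [fd00::10]:389     users:(("ldapsearch",pid=2222,fd=3))
"""

PLAINTEXT_LDAP_PORTS = {389, 3268}   # LDAP and Global Catalog without TLS on the wire
LDAPS_PORTS = {636, 3269}            # LDAP and Global Catalog over TLS

# One `ss -tnp` row: state, the two queue counters, local and peer endpoints,
# then the first owning process in the users:((...)) field.
ROW_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)'
)


def split_host_port(endpoint: str):
    """Split 'host:port' or '[v6addr]:port' into (host, port-as-int)."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]"), int(port)


def parse_ss(ss_output: str) -> List[Dict]:
    """Turn ss rows into dicts; the header and rows without a process are skipped."""
    rows = []
    for line in ss_output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        peer_host, peer_port = split_host_port(m.group("peer"))
        rows.append({
            "state": m.group("state"),
            "proc": m.group("proc"),
            "pid": int(m.group("pid")),
            "peer": peer_host,
            "port": peer_port,
        })
    return rows


def _select(ss_output: str, ports, process: Optional[str]) -> List[Dict]:
    return [r for r in parse_ss(ss_output)
            if r["port"] in ports and (process is None or r["proc"] == process)]


def find_plaintext_ldap(ss_output: str, process: Optional[str] = "winbindd") -> List[Dict]:
    """Connections to a plaintext LDAP/GC port; process=None means any process."""
    return _select(ss_output, PLAINTEXT_LDAP_PORTS, process)


def find_ldaps(ss_output: str, process: Optional[str] = "winbindd") -> List[Dict]:
    """Connections to an LDAPS/GC-over-TLS port; process=None means any process."""
    return _select(ss_output, LDAPS_PORTS, process)


def current_ss_output() -> str:
    """Run the real `ss -tnp` when available, otherwise use the constructed sample."""
    if shutil.which("ss") is None:
        return SAMPLE_SS_OUTPUT
    return subprocess.run(["ss", "-tnp"], capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    output = current_ss_output()
    for r in find_plaintext_ldap(output):
        print(f"PLAINTEXT  {r['proc']}[{r['pid']}] -> {r['peer']}:{r['port']} ({r['state']})")
    for r in find_ldaps(output):
        print(f"TLS        {r['proc']}[{r['pid']}] -> {r['peer']}:{r['port']} ({r['state']})")
```

On the sample data the check reports one plaintext session and one TLS session for winbindd; the ldapsearch row is only reported when `process=None` is passed. Running it repeatedly after a winbindd restart shows whether the port 389 session the post describes comes back, which is the observation to capture before and after any `ldap ssl` or `ldap ssl ad` change.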
