On Thu, Jul 28, 2011 at 12:31:22PM +0200, Ollenburg, Andreas (KRZ) wrote:
> A Samba-Fileserver - Samba 3.5.6 - running in a Windows AD
> as a member server using idmap_ad for the mapping the
> User-IDs. This all works fine as long as the LDAP-port 389
> is available on the domain controllers. Now, our AD admin
> wants to close this and move over to LDAPS. And here is my
> problem. How do I configure my Samba server - resp.,
> winbindd - so it only communicates on port 636? I think I
> tried all combinations available in the manuals but it
> still uses port 389. (e.g. ldap ssl=start tls + ldap ssl
> ad = yes, winbind rpc only = Yes, name resolve order =
> host). The idmap backend should stay on "ad" for the ADS
> and we do not want to change it to an ldap.

Right now you can't do that. What you can do is convince
your admin to leave 389 open but to enforce sasl encryption
for LDAP communication. There's registry settings for that.
Then set

	client ldap sasl wrapping = seal

in your smb.conf.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
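An added example, not part of the original reply and not Samba's own code: a small check that reads smb.conf text and reports whether `client ldap sasl wrapping` in `[global]` is set to `seal`, as suggested above. The sample config is constructed, the function names are hypothetical, and `include =` files are not followed.

```python
import re
PARAM = "client ldap sasl wrapping"

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf

def global_param(text, param=PARAM):
    """Last [global] value of param, lowercased; None if unset."""
    section, value = None, None
    for line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, _, val = line.partition("=")  # only the first '=' matters
            if _norm(name) == _norm(param):
                value = val.strip().lower()
    return value

def audit(text):
    """'ok' for seal, 'not-seal' for plain/sign, else 'unset' or 'invalid'."""
    v = global_param(text)
    if v is None:
        return "unset"
    return {"seal": "ok", "sign": "not-seal", "plain": "not-seal"}.get(v, "invalid")

# Constructed sample config (not from the thread)
SAMPLE = """[global]
   ; client ldap sasl wrapping = plain
   Client LDAP  SASL Wrapping = Seal
[share]
   client ldap sasl wrapping = plain
"""
print(audit(SAMPLE))
```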
