On Fri, Sep 15, 2006 at 04:32:13PM -0300, Felipe Augusto van de Wiel wrote:
> > I have winbind working nicely with AD here. It took a while to
> > figure out but now AD user accounts can ssh into my Linux boxen
> > reliably, which is really all I needed; just ssh access. But I
> > want to make sure all the LDAP traffic is secured via TLS/SSL.
>
> Ok, but this is not Samba part of the job. :)
>
> If Samba is not talking with your LDAP server, then this
> parameter has no effect. You should do the TLS/SSL configurations
> on your LDAP server. And you should use kerberos to have real
> security in your smb network.

There is no pure LDAP server. There is only the Win2K server that does
Microsoft's AD which (unless I am mistaken) is part LDAP, part Kerberos
and part SMB. The Kerberos part works fine. The ssh logins through AD
work fine. The problem is that I'm connected on port

[EMAIL PROTECTED] ~]# net ads info
LDAP server: 198.78.123.2
LDAP server name: battu
Realm: BINTERACTIVE.COM
Bind Path: dc=BINTERACTIVE,dc=COM
LDAP port: 389
Server time: Fri, 15 Sep 2006 15:53:49 GMT
KDC server: 198.78.123.2
Server time offset: 97

> If it is a PEM with private certificate, shouldn't be
> world readable.

OK, so what should the perms be? 0400?

> Ok, it is a configuration of libldap and other software
> that will use resources to query LDAP server. But AIUI you are
> not using Samba to query LDAP, you are using winbind to do that,
> and then, your question is a little bit off-topic here. ;)

Yes. I suppose you are right. I need to subscribe to an LDAP list as well.

-- 
Announcing your plans is a good way to hear the gods' laughter.
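
The file-permission question raised in the message above, as an added example that is not part of the original thread: a shell function that reports whether a PEM file contains a private key block and whether group or others can access it. The function names, the sample file and its placeholder contents are constructed for illustration, and the script assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat`.
# audit_pem FILE prints a verdict and returns:
#   0  no private key block, or private key with owner-only access
#   1  private key that group or others can access
#   2  file missing or unreadable
audit_pem() {
    f=$1
    [ -r "$f" ] || { echo "$f: cannot read"; return 2; }
    # Matches "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY",
    # "BEGIN EC PRIVATE KEY" and "BEGIN ENCRYPTED PRIVATE KEY".
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "$f: no private key block, certificate-only PEM may be world readable"
        return 0
    fi
    mode=$(stat -c '%a' "$f")               # octal mode, e.g. 644
    if [ $(( 0$mode & 077 )) -ne 0 ]; then  # any group/other bit set?
        echo "$f: private key with mode $mode, restrict to 0400 or 0600"
        return 1
    fi
    echo "$f: private key, mode $mode, owner-only"
    return 0
}

# Constructed sample: PEM-shaped file with a placeholder body, not a real key.
write_sample_key() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1"
}

if [ $# -eq 0 ]; then
    # No arguments: demonstrate on the constructed sample.
    d=$(mktemp -d)
    write_sample_key "$d/client.pem"
    chmod 0644 "$d/client.pem"; audit_pem "$d/client.pem" || :
    chmod 0400 "$d/client.pem"; audit_pem "$d/client.pem" || :
    rm -rf "$d"
else
    # Otherwise audit the files named on the command line.
    for pem in "$@"; do audit_pem "$pem" || :; done
fi
```

The check covers only the mode bits; the key file should also be owned by the account that the process reading it runs as.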
