Hi Team, I have modified my /etc/ldap/ldap.conf cat /etc/ldap/ldap.conf
#TLS_REQCERT HARD TLS_REQCERT ALLOW TLS_CACERT /etc/ssl/certs/msadmaster.pem After above changes net ads is succesfull with ssl/tls I have verified at Windows AD DC end that TLS is being used for communication with the help of wireshark. Though i am not sure what is impact of changing TLS_REQCERT to ALLOW from HARD if certificates is being used. Now i have configured ubuntu as AD DC and try to join another ubuntu machine as member server but i am getting below error. [LDAP] res_errno: 8, res_error: <SASL:[GSS-SPNEGO]: Sign or Seal are required.>, res_matched: <> kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: Strong(er) authentication required ubuntu AD DC smb.conf [global] workgroup = TECHMINT realm = TECHMINT.LAN netbios name = ADC1 server role = active directory domain controller dns forwarder = 8.8.8.8 idmap_ldb:use rfc2307 = yes winbind enum users = yes winbind enum groups = yes template shell = /bin/bash [netlogon] path = /var/lib/samba/sysvol/techmint.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No smb.conf for ads member server [global] security = ADS workgroup = TECHMINT realm = TECHMINT.LAN log file = /var/opt/samba/%m.log log level = 1 # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. # - Adding just this is not enough # - You must set a DOMAIN backend configuration, see below idmap config * : backend = tdb idmap config * : range = 3000-7999 username map = /etc/opt/samba/user.map # ldap ssl = start tls # ldap ssl ads = yes ldap debug level = 1 [tmp] comment = Temporary file space path = /tmp read only = no -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576799 Title: Regression: 2:4.3.8+dfsg-0ubuntu0.14.04.2 Failed to Issue the StartTLS instruction To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1576799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs