Comment 15 for bug 1576799

Revision history for this message
Arjit (arjitkumar) wrote :

I have updated /etc/ldap/ldap.conf:
to
TLS_REQCERT hard

and run ldapsearch as below.

ldapsearch -x -ZZ -h hostname -p 389 -D cn=administrator,cn=users,dc=techmint,dc=lan -w XXXXXXXX -b 'dc=techmint,dc=lan'

I got output as expected.

then i run
net ads join -U Administrator%XXXXXXXX -d 12

I got same issue.

TLS: hostname (IP) does not match common name in certificate (hostname).

After changing
/etc/ldap/ldap.conf:
to
TLS_REQCERT Allow

i am getting other issue which i have mentioned earlier.
Sign or Seal are required.>, res_matched: <>
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: Strong(er) authentication required

i have doubts/queries please clarify.

1. If above ldapsearch is returning results. then can i assume the certificate is fine?
2. Are these issues reproducible at your end ?
3. Should i provide any further log details ?