Comment 8 for bug 1576799

Arjit (arjitkumar) wrote :

Hi Team,

I have modified my /etc/ldap/ldap.conf
cat /etc/ldap/ldap.conf

#TLS_REQCERT HARD
TLS_REQCERT ALLOW
TLS_CACERT /etc/ssl/certs/msadmaster.pem

After the above changes, net ads is successful with SSL/TLS.
I have verified at the Windows AD DC end, with the help of Wireshark, that TLS is being used for communication.
Though I am not sure what the impact is of changing TLS_REQCERT from HARD to ALLOW if certificates are being used.

Now I have configured Ubuntu as an AD DC and tried to join another Ubuntu machine as a member server, but I am getting the below error.

[LDAP] res_errno: 8, res_error: <SASL:[GSS-SPNEGO]: Sign or Seal are required.>, res_matched: <>
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: Strong(er) authentication required

Ubuntu AD DC smb.conf

[global]
        workgroup = TECHMINT
        realm = TECHMINT.LAN
        netbios name = ADC1
        server role = active directory domain controller
        dns forwarder = 8.8.8.8
        idmap_ldb:use rfc2307 = yes
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/bash

[netlogon]
        path = /var/lib/samba/sysvol/techmint.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

smb.conf for ads member server

[global]
       security = ADS
       workgroup = TECHMINT
       realm = TECHMINT.LAN

       log file = /var/opt/samba/%m.log
       log level = 1

       # Default ID mapping configuration for local BUILTIN accounts
       # and groups on a domain member. The default (*) domain:
       # - must not overlap with any domain ID mapping configuration!
       # - must use a read-write-enabled back end, such as tdb.
       # - Adding just this is not enough
       # - You must set a DOMAIN backend configuration, see below
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999
       username map = /etc/opt/samba/user.map
# ldap ssl = start tls
# ldap ssl ads = yes
       ldap debug level = 1
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
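The open question in the comment above is what the switch from TLS_REQCERT HARD to ALLOW actually costs. The following is an added example, not code from the commenter or from the Samba or OpenLDAP projects: a small auditor that parses an OpenLDAP-style ldap.conf the way the client does (last active directive wins, comments ignored) and reports whether the effective TLS_REQCERT level still rejects a missing or unverifiable server certificate. The verification semantics per level follow ldap.conf(5): demand/hard terminates the session on a missing or bad certificate, try terminates only on a bad one, allow ignores a bad one, never does not check at all. The sample file contents are constructed to mirror the edit shown in the comment; the hostname in it is a placeholder.

```python
"""Audit the effective TLS_REQCERT level in an OpenLDAP-style ldap.conf.

Added example, not part of the bug report or of any project's code.
"""
from typing import Dict, Tuple

# Constructed sample mirroring the comment's edit: HARD commented out, ALLOW active.
# The URI host is a placeholder, not a real system.
SAMPLE_LDAP_CONF = """\
# LDAP Defaults
BASE    dc=techmint,dc=lan
URI     ldaps://adc1.techmint.lan
#TLS_REQCERT HARD
TLS_REQCERT ALLOW
TLS_CACERT /etc/ssl/certs/msadmaster.pem
"""

# Semantics per ldap.conf(5). Tuple: (bad cert rejected?, missing cert rejected?)
# demand/hard: request cert; missing or bad cert terminates the session (default)
# try:         request cert; bad cert terminates, missing cert is tolerated
# allow:       request cert; missing or bad cert is ignored, session proceeds
# never:       no server certificate is requested or checked
REQCERT_LEVELS = {
    "demand": (True, True),
    "hard": (True, True),
    "try": (True, False),
    "allow": (False, False),
    "never": (False, False),
}


def parse_ldap_conf(text: str) -> Dict[str, str]:
    """Return the last active value for each directive, keyed by upper-cased name.

    Lines starting with '#' are comments; directive and value are separated by
    whitespace; a directive repeated later in the file overrides the earlier one.
    """
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # a bare keyword with no value is not a usable directive
        values[parts[0].upper()] = parts[1].strip()
    return values


def audit_tls_reqcert(text: str) -> Tuple[str, bool, str]:
    """Return (effective level, server cert is verified, human-readable finding).

    'Verified' means a forged or unverifiable server certificate aborts the
    session, i.e. the CA configured via TLS_CACERT is actually enforced.
    """
    cfg = parse_ldap_conf(text)
    level = cfg.get("TLS_REQCERT", "demand").lower()  # OpenLDAP default is demand
    if level not in REQCERT_LEVELS:
        return level, False, f"unknown TLS_REQCERT value {level!r}; treat as unverified"
    rejects_bad, rejects_missing = REQCERT_LEVELS[level]
    cacert = cfg.get("TLS_CACERT")
    if rejects_bad and rejects_missing:
        msg = f"TLS_REQCERT {level}: server certificate is validated against {cacert or 'the system CA store'}"
    elif rejects_bad:
        msg = f"TLS_REQCERT {level}: a bad certificate is rejected, but a server presenting none is accepted"
    else:
        msg = (f"TLS_REQCERT {level}: server certificate is not enforced, so TLS_CACERT "
               f"({cacert}) provides encryption but no server authentication")
    return level, rejects_bad, msg


if __name__ == "__main__":
    for name, body in (("sample", SAMPLE_LDAP_CONF),
                       ("hardened", SAMPLE_LDAP_CONF.replace("TLS_REQCERT ALLOW", "TLS_REQCERT hard"))):
        lvl, ok, finding = audit_tls_reqcert(body)
        print(f"[{name}] verified={ok} -> {finding}")
```

Run against a real client file with `audit_tls_reqcert(open("/etc/ldap/ldap.conf").read())`. With the configuration from the comment the auditor reports the session is still encrypted but the peer is no longer authenticated, because ALLOW accepts any certificate the directory presents; restoring HARD (or demand) with a correct TLS_CACERT is what makes the CA file meaningful.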