Closed Bubba8291 closed 6 years ago
I don't think you can have AD mode and Samba mode at the same time. Samba mode is for Samba 3, AD mode is for AD and Samba 4.
To get help, the best thing is to tell us what is not working (error messages, etc.).
Hi,
Thank you for the reply! I am currently running PHP 7.0.27. I do not have a TLS Cert for the ldap Active Directory. My error log looks something like this:
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldaps://192.168.1.236)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.1.236:636
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 192.168.1.236:636
ldap_pvt_connect: fd: 6 tm: -1 async: 0
attempting to connect:
connect success
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
[Tue Mar 13 07:38:06.546506 2018] [:error] [pid 29782] [client] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /var/www/sso/pages/change.php on line 80, referer:
ldap_err2string
[Tue Mar 13 07:38:06.546627 2018] [:error] [pid 29782] [client] LDAP - Bind error -1 (Can't contact LDAP server), referer:
(I removed some IPs and the web addresses for privacy)
Hi @Bubba8291, my interpretation of the log is that PHP (SSP) could connect over TCP to your LDAP server but did not trust the LDAP server certificate.
I guess from this doc that samba generated a self signed certificate and you need to change it to one of your own or to add the generated CA to the CAs of SSP server. (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC)
Also, you can temporarily edit /etc/ldap/ldap.conf to set "TLS_REQCERT never" to disable verification of certificates. If it works, it means that the certificate really is the problem. Do not forget to reset this config value to its default, otherwise it would be insecure.
Hello @plewin, I get this error that says "error 18 at 0 depth lookup: self signed certificate" when I try to verify the cert with openssl. Do you know why this error is occurring?
Are you trying to check the Samba default certificate? This wiki https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC says that it is what you should expect from openssl if you do not make your own certificate.
Below that "error 18" line, it says "error myCert.pem: verification failed".
What was the command used to get this error?
openssl verify myCert.pem
I got it to work!
Great news! I am closing the issue.
I got it to work!
How did you make it work?
@marcioducrato It was an issue with LDAPS. I don't fully remember, but I had to make sure LDAP over TLS was working and I had to change something in the LDAP configuration file.
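An added example, not part of the thread or of the project's code: it reproduces the self-signed case discussed above with a constructed throwaway certificate, showing why a plain openssl verify reports the certificate as untrusted and how naming it as a trust anchor changes the result, then prints the matching ldap.conf lines. The host name dc1.example.test and the path /etc/ldap/samba-ca.pem are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. The certificate is a constructed
# throwaway; dc1.example.test and the file names are placeholders.

# Create a self-signed certificate, standing in for the self-signed
# LDAPS certificate discussed in the thread.
make_selfsigned() {   # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=dc1.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Print "trusted" or "untrusted" for certificate $1.
# With $2 set, that file is passed to openssl as an extra trusted CA bundle.
check_trust() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case "$out" in
        *": OK"*) echo trusted ;;
        *)        echo untrusted ;;
    esac
}

# Print the ldap.conf lines that trust CA file $1 and keep verification on
# (the opposite of the temporary "TLS_REQCERT never" diagnostic).
ldap_conf_fragment() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

# Demo run in a temporary directory.
tmp=$(mktemp -d)
make_selfsigned "$tmp"
echo "no trust anchor:      $(check_trust "$tmp/cert.pem")"
echo "cert as trust anchor: $(check_trust "$tmp/cert.pem" "$tmp/cert.pem")"
ldap_conf_fragment /etc/ldap/samba-ca.pem   # placeholder path
rm -rf "$tmp"
```

With TLS_REQCERT demand the name in the ldaps:// URL must also match the certificate, so connect by the host name the certificate was issued for.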
Hello,
I am currently trying to configure git to my website. I am running a SAMBA Active Directory Domain Controller and I can't get it to work. I am currently running Raspbian OS and Samba 4.5.12. I've been trying to figure this out for the past couple days. Here is my config file:
Could someone please help me?