How to disable SSL on NSDC?

NethServer Version: v7.3.1611 final
Module: Accountsprovider NSDC

I’ve installed 2 instances of NS7 both with Samba-AD. When I try to connect the first with e.g. Ldapadmin I don’t need the SSL encryption, when I try to connect the second I need the SSL encrytion.

I don’t know what I did different.

@davidep can you please give me a hint how to disable SSL requirement on NSDC?

TIA Ralf

Hi Ralf,
could you compare smb.conf of both servers?
Did you see

TLS = Enabled

in the one which didn’t work?

Hi Michael,

thanks for your answer, but in non of the smb.conf is an entry TLS=

Are the samba versions the same?
Please have a look at this:
https://wiki.samba.org/index.php/Updating_Samba#New_Default_for_LDAP_Connections_Requires_Strong_Authentication

2 Likes

Edit /var/lib/machines/nsdc/etc/samba/smb.conf

After the “include” line, add

ldap server require strong auth = no

I wouldn’t do this, anyway and respect the upstream default. Why do you need to disable it?

2 Likes

You are right, this is the difference between those two machines. But I din’t change this on the older one myself. Was there a change in the last 3 month?

I installed eGroupware on the older machine and it worked fine with the NSDC and now I wanted to install the same on the new machine and write an how to. But at the very end of installation I had the issue that the new installation couldn’t authenticate against the AD. Now I know where the difference is and so I can investigate it further.

Thanks a lot for your help

Yes, we reverted to upstream default with Samba 4.6. If you really need to send password in clear text the workaround is that above!

Already tried and it works, but I will try to figure out how to do with SSL enabled. Just because it’s a matter of security. :wink:

O.k. That was easy, just enable SSL and give CN=Users,DC=domain,DC=tld and everything worked fine with new standard enabled.

A detailed HowTo for eGroupware will follow soon.

2 Likes