Remove TLS verification on LDAP

NethServer Version: 8
Module: Active Directory

Hi all, I’ve recently switched my AD from NethServer 7 to NethServer 8, and now I’m switching the old configuration of my VMs to the new AD.

I’d connected my OPNsense to the AD, and in order to do that, I first inserted this line “ldap server require strong auth = no” in the old /var/lib/machines/nsdc/etc/samba/smb.conf of NethServer 7. Now I want to do the same, because when I try to connect my OPNsense to the new AD I receive the error “LDAP bind error [BindSimple: Transport encryption required.; Strong(er) authentication required”.

I’ve read on this link “TLS certificates — NS8 documentation” that in order to require a new certificate the NethServer must be opened to the internet, and, well, I’d prefer to leave it inside my LAN and remove the stronger authentication.

Thanks in advance.

Well…
https://docs.nethserver.org/projects/ns8/en/latest/system_requirements.html
Actually, a working internet connection is not reported as a system requirement…

Hi @pike, in the documentation there are these lines:

Requesting Let’s Encrypt is possible if the following requirements are met:

  1. the server must be reachable from outside on port 80. Make sure your port 80 is open to the public Internet (you can check with sites like CSM)

I would like to leave my NethServer not opened to the public internet.

Thanks

I can understand why.
However, the current infrastructure design relies on Let’s Encrypt for a verifiable certification chain and… “valid” certificates no matter what.
It’s gonna be funny when 5 NS8 will need 5 public IP addresses for certificates…
I mean… it should be a cluster, innit?

Yeah, this is what I understood, but not at all xD

Anyway, the LDAP is a module, and it has an smb.conf; I want to find a way to disable this authentication like in the previous version.

Thanks

Solved! I followed this: Smb.conf in ns8

But in order to apply the settings, I had to reboot the server; I don’t know how to restart the single smb module.

1 Like
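
An added example, not part of any post above and not NethServer or Samba code: a small Python check that reads an smb.conf and reports the effective value of the “ldap server require strong auth” option discussed in this thread, so a weakened domain controller can be spotted in a configuration review. The function names and both sample configurations are constructed for illustration.

```python
import re

PARAM = "ldapserverrequirestrongauth"  # Samba ignores case and spaces in parameter names
SYNONYMS = {"no": "no", "false": "no", "0": "no",
            "yes": "yes", "true": "yes", "1": "yes"}
VERDICTS = {
    "no": "WEAK: simple binds accepted without TLS, bind passwords cross the network in cleartext",
    "allow_sasl_over_tls": "PARTIAL: simple binds need TLS, SASL binds without sign/seal accepted over TLS",
    "yes": "OK: simple binds need TLS, SASL binds need sign or seal",
}

def effective_strong_auth(conf_text):
    """Return the value Samba would use from [global]; 'yes' when the option is unset."""
    value, section = "yes", None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, val = line.partition("=")
        if sep and section == "global" and re.sub(r"\s+", "", name).lower() == PARAM:
            val = val.strip().lower()
            value = SYNONYMS.get(val, val)       # a later assignment overrides an earlier one
    return value

def audit(conf_text):
    value = effective_strong_auth(conf_text)
    return value, VERDICTS.get(value, "UNKNOWN value, check smb.conf(5)")

# Constructed sample: the change described in the first post.
WEAKENED = """[global]
    workgroup = AD
    LDAP Server Require Strong Auth = No
[sysvol]
    path = /var/lib/samba/sysvol
"""

# Constructed sample: the option only appears in a comment, so the default applies.
UNTOUCHED = """[global]
    workgroup = AD
    # ldap server require strong auth = no
"""

if __name__ == "__main__":
    for label, conf in (("weakened", WEAKENED), ("untouched", UNTOUCHED)):
        print(label, *audit(conf), sep=": ")
```

Where the check reports “no”, the alternative that keeps the default is to have the LDAP client bind over TLS and trust the directory’s certificate.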