Dmitry Petuhov
2018-05-21 13:30:55 UTC
To be able to use LDAPS, your client machine (PVE) must trust the server's
certificate. Sign the LDAP server's SSL certificate with some CA (a private CA
is OK) and place that CA certificate in /usr/local/share/ca-certificates
in PEM format with a .crt extension on PVE, and run
`update-ca-certificates` to make the system trust it.
I've tried to set up my AD domain (with Samba!) as an authentication
source.
It works, but I was not able to set up SSL, and I was forced to disable
ldap server require strong auth = no
Realm: LNFFVG
Domain: AD.FVG.LNF.IT
Server: <my server>
Fallback Server: <another server>
Port: empty
SSL: is not editable
TFA: empty/none
If I (un)set Port:, e.g. keep the default, AND I put 'ldap server require strong auth = no'
in smb.conf, auth works.
If I set Port: 636, it does not work.
Does someone have a hint?! Thanks.
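
The procedure from Dmitry Petuhov's reply at the top of this thread, as an added shell example that is not part of the original messages: it stages a CA certificate in the trust directory with the PEM encoding and .crt name that `update-ca-certificates` expects, then checks that the LDAP server certificate chains to it. The function names and the `CA_DIR` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (function names and the CA_DIR override are hypothetical).
# CA_DIR defaults to the directory named in the reply; override it to dry-run.
CA_DIR="${CA_DIR:-/usr/local/share/ca-certificates}"

# True only if FILE is a PEM-encoded X.509 certificate.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null
}

# update-ca-certificates only picks up files ending in .crt, so map
# any source name (ca.pem, ca.der, ca.cer) to <name>.crt.
trust_store_name() {
    base=$(basename "$1")
    printf '%s.crt\n' "${base%.*}"
}

# Copy a CA certificate into CA_DIR as PEM, converting from DER if needed.
stage_ca() {
    src=$1
    dest="$CA_DIR/$(trust_store_name "$src")"
    if is_pem_cert "$src"; then
        cp "$src" "$dest"
    elif ! openssl x509 -in "$src" -inform DER -outform PEM -out "$dest" 2>/dev/null; then
        rm -f "$dest"
        echo "not an X.509 certificate: $src" >&2
        return 1
    fi
    echo "$dest"
}

# Stage the CA, then rebuild the system trust store (run as root on PVE).
install_ca() {
    stage_ca "$1" && update-ca-certificates
}

# Offline check: does the LDAP server certificate chain to this CA?
chains_to_ca() {    # usage: chains_to_ca CA_FILE SERVER_CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Online check: TLS handshake on the LDAPS port against the system store.
check_ldaps() {     # usage: check_ldaps HOST
    openssl s_client -connect "$1:636" -CApath /etc/ssl/certs \
        -verify_hostname "$1" -verify_return_error </dev/null >/dev/null 2>&1
}
```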