[PVE-User] PVE and Active Directory...

Dmitry Petuhov mityapetuhov at gmail.com
Mon May 21 15:30:55 CEST 2018


To be able to use LDAPS, your client machine (PVE) must trust server's 
certificate. Sign LDAP server's SSL certificate with some CA (private CA 
is ok) and place that CA certificate to /usr/local/share/ca-certificates 
in PEM format with .crt extension on PVE and run 
`update-ca-certificates` to make system trust it.


21.05.2018 16:03, Marco Gaiarin пишет:
> I've tried to setup my AD domain (with samba!) as authentication
> source.
>
> It works, but i was not able to setup SSL, and i was forced to disable
> 'sign or seal' in samba conf, eg:
>
> 	ldap server require strong auth = no
>
> In 'Authentication' i've put:
>
>   Realm: LNFFVG
>   Domain: AD.FVG.LNF.IT
>   Server: <my server>
>   Fallback Server: <another server>
>   Port: empty
>   SSL: is not editable
>   TFA: empty/none
>
> if i (un)set Port:, eg keep the default, AND i put 'ldap server require strong auth =
> no' in smb.conf auth work.
>
> If i set Port: 636, does not work.
>
>
> Someone have some hint?! Thanks.
>



More information about the pve-user mailing list