Global Catalogue

Global Catalogue

Samba - General mailing list
Hello..

Can we promote the Samba AD DC (Version 4.6) to be a global catalogue
server? We need to integrate Websense Proxy with this and Proxy server
searches Global Catalogue on Port 3268.

--

Thanks & Regards,


Anantha Raghava

eXzaTech Consulting And Services Pvt. Ltd.


DISCLAIMER:
This e-mail communication and any attachments may be privileged and
confidential to eXza Technology Consulting & Services, and are intended
only for the use of the recipients named above If you are not the
addressee you may not copy, forward, disclose or use any part of it. If
you have received this message in error, please delete it and all copies
from your system and notify the sender immediately by return e-mail.
Internet communications cannot be guaranteed to be timely, secure, error
or virus-free. The sender does not accept liability for any errors or
omissions.


Do not print this e-mail unless required. Save Paper & trees.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Global Catalogue

Samba - General mailing list
On Wed, 10 May 2017 22:19:12 +0530
Anantha Raghava via samba <[hidden email]> wrote:

> Hello..
>
> Can we promote the Samba AD DC (Version 4.6) to be a global catalogue
> server? We need to integrate Websense Proxy with this and Proxy
> server searches Global Catalogue on Port 3268.
>

No, but only because it should already be a global catalogue:

root@dc1:~# netstat -plnt | grep ':3268'
tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      2294/samba      
tcp6       0      0 :::3268                 :::*                    LISTEN      2294/samba      

Rowland


Re: Global Catalogue

Samba - General mailing list
Hi,

Although Samba is listening on port 3268, proxy returns error "unable to
connect"

Any suggestions to fix this?

--

Thanks & Regards,


Anantha Raghava



On Wednesday 10 May 2017 10:37 PM, Rowland Penny wrote:

> On Wed, 10 May 2017 22:19:12 +0530
> Anantha Raghava via samba <[hidden email]> wrote:
>
>> Hello..
>>
>> Can we promote the Samba AD DC (Version 4.6) to be a global catalogue
>> server? We need to integrate Websense Proxy with this and Proxy
>> server searches Global Catalogue on Port 3268.
>>
> No, but only because it should already be a global catalogue:
>
> root@dc1:~# netstat -plnt | grep ':3268'
> tcp        0      0 0.0.0.0:3268            0.0.0.0:*               LISTEN      2294/samba
> tcp6       0      0 :::3268                 :::*                    LISTEN      2294/samba
>
> Rowland


Re: Global Catalogue

Samba - General mailing list
On Wed, 10 May 2017 22:42:29 +0530
Anantha Raghava <[hidden email]> wrote:

> Hi,
>
> Although Samba is listening on port 3268, proxy returns error "unable
> to connect"
>
> Any suggestions to fix this?
>

How is the proxy trying to connect ?

Rowland


Re: Global Catalogue

Samba - General mailing list
Hi,

We provide DC Host's IP address and port as 3268 and user DN of
administrator as CN=Administrator,CN=Users,DC=ktkbank,DC=com and supply
password. But proxy reports "unable to connect to directory".

However, the Proxy's Content Gateway is a member of AD DC and it uses
integrated windows authentication.

--

Thanks & Regards,


Anantha Raghava



On Wednesday 10 May 2017 10:53 PM, Rowland Penny via samba wrote:

> On Wed, 10 May 2017 22:42:29 +0530
> Anantha Raghava <[hidden email]> wrote:
>
>> Hi,
>>
>> Although Samba is listening on port 3268, proxy returns error "unable
>> to connect"
>>
>> Any suggestions to fix this?
>>
> How is the proxy trying to connect ?
>
> Rowland
>


Re: Global Catalogue

Samba - General mailing list
On Wed, 10 May 2017 23:10:31 +0530
Anantha Raghava via samba <[hidden email]> wrote:

> Hi,
>
> We provide DC Host's IP address and port as 3268 and user DN of
> administrator as CN=Administrator,CN=Users,DC=ktkbank,DC=com and
> supply password. But proxy reports "unable to connect to directory".
>
> However, the Proxy's Content Gateway is a member of AD DC and it uses
> integrated windows authentication.
>

Well, I can connect to the global catalogue using ldapsearch:

rowland@devstation:~$ ldapsearch -Z -p 3268 -h dc1.samdom.example.com -D
"cn=Administrator,cn=Users,dc=samdom,dc=example,dc=com" -W -b
"cn=users,dc=samdom,dc=example,dc=com" -s sub
"(samaccountname=rowland)" -v
ldap_initialize( ldap://member1.samdom.example.com:3268 )
Enter LDAP Password:
filter: (samaccountname=rowland)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=samdom,dc=example,dc=com> with scope subtree
# filter: (samaccountname=rowland)
# requesting: ALL
#

# Rowland Penny, Users, samdom.example.com
dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
CN: Rowland Penny
sn: Penny
...........
..........
.........
........
.......
......
.....

Rowland


Re: Global Catalogue

Samba - General mailing list
Hello Rowland,

ldap search command throws error as below. I am unable to search ldap.

-------

ldap_initialize( ldap://dc.exza.local:3268 )
ldap_start_tls: Can't contact LDAP server (-1)
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
----------

I am using the BIND_DLZ DNS back end, and the server is listening on 3268 and 3269.

--

Thanks & Regards,


Anantha Raghava

eXzaTech Consulting And Services Pvt. Ltd.


On Wednesday 10 May 2017 11:36 PM, Rowland Penny wrote:

> On Wed, 10 May 2017 23:10:31 +0530
> Anantha Raghava via samba <[hidden email]> wrote:
>
>> Hi,
>>
>> We provide DC Host's IP address and port as 3268 and user DN of
>> administrator as CN=Administrator,CN=Users,DC=ktkbank,DC=com and
>> supply password. But proxy reports "unable to connect to directory".
>>
>> However, the Proxy's Content Gateway is a member of AD DC and it uses
>> integrated windows authentication.
>>
> Well, I can connect to the global catalogue using ldapsearch:
>
> rowland@devstation:~$ ldapsearch -Z -p 3268 -h dc1.samdom.example.com -D
> "cn=Administrator,cn=Users,dc=samdom,dc=example,dc=com" -W -b
> "cn=users,dc=samdom,dc=example,dc=com" -s sub
> "(samaccountname=rowland)" -v
> ldap_initialize( ldap://member1.samdom.example.com:3268 )
> Enter LDAP Password:
> filter: (samaccountname=rowland)
> requesting: All userApplication attributes
> # extended LDIF
> #
> # LDAPv3
> # base <cn=users,dc=samdom,dc=example,dc=com> with scope subtree
> # filter: (samaccountname=rowland)
> # requesting: ALL
> #
>
> # Rowland Penny, Users, samdom.example.com
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> CN: Rowland Penny
> sn: Penny
> ...........
> ..........
> .........
> ........
> .......
> ......
> .....
>
> Rowland


Re: Global Catalogue

Samba - General mailing list
On Fri, 12 May 2017 00:08:50 +0530
Anantha Raghava <[hidden email]> wrote:

> Hello Rowland,
>
> ldap search command throws error as below. I am unable to search ldap.
>
> -------
>
> ldap_initialize( ldap://dc.exza.local:3268 )
> ldap_start_tls: Can't contact LDAP server (-1)
> Enter LDAP Password:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> ----------
>
> I am using the BIND_DLZ DNS back end, and the server is listening on 3268 and
> 3269.
>

You need to set up tls correctly on the DC, see here:

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_%28LDAPS%29_on_a_Samba_AD_DC

Rowland
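
The distinction this thread turns on, a port that is listening versus a directory that completes StartTLS, as an added example that is not part of any poster's message: a Python probe that reports the first stage to fail against the global catalogue port. The `probe` helper and its stage names are illustrative assumptions; the host passed in is your own DC.

```python
import socket, ssl
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS (RFC 4511, 4.14)

def starttls_request(msgid=1):
    """BER-encode an ExtendedRequest asking the server to upgrade to TLS."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msgid]) + op                    # messageID + op
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage

def _tlv(buf, i):
    """Read tag and length at offset i; return (tag, value_start, value_end)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, i, i + n

def extended_result_code(resp):
    """Return the resultCode of an ExtendedResponse, or None if resp is not one."""
    try:
        tag, i, _ = _tlv(resp, 0)           # LDAPMessage SEQUENCE
        _, _, i = _tlv(resp, i)             # skip messageID
        op, i, _ = _tlv(resp, i)            # protocolOp, [APPLICATION 24]
        enum, s, e = _tlv(resp, i)          # resultCode ENUMERATED
    except IndexError:
        return None
    ok = (tag, op, enum) == (0x30, 0x78, 0x0A)
    return int.from_bytes(resp[s:e], "big") if ok else None

def probe(host, port=3268, timeout=5, cafile=None):
    """Return the first stage that fails: 'tcp', 'starttls', 'tls', else 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp"        # name resolution, routing, firewall, or no listener
    with sock:
        try:
            sock.sendall(starttls_request())
            code = extended_result_code(sock.recv(4096))
        except OSError:
            code = None     # server dropped the connection
        if code != 0:
            return "starttls"
        try:
            ctx = ssl.create_default_context(cafile=cafile)
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except OSError:     # ssl.SSLError and certificate failures included
            return "tls"
```

Call `probe("dc.example.com")` from the machine that cannot connect; a DC certificate the client does not trust reports `tls` unless `cafile` names the CA that issued it.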
