- Suggestion
- Resolution: Won't Fix
As quoted by official Samba4 sources (https://wiki.samba.org/index.php/Updating_Samba#New_Default_for_LDAP_Connections_Requires_Strong_Authentication), TLS encryption is enforced by now for binding. Since most admins do not open more ports than necessary, it is quite common to open only 389 and enforce TLS. Unfortunately, JIRA offers only SSL (port 636) for AD user management. My admin colleagues and I consider this quite limiting, and since security overrules functionality, this is quite a severe disadvantage. Is there any chance of nearby implementation?
New Default for LDAP Connections Requires Strong Authentication

4.4.1 or later / 4.3.7 or later / 4.2.10 or later

The security updates 4.4.1, 4.3.7 and 4.2.10 introduced a new smb.conf option for the Active Directory (AD) LDAP server to enforce strong authentication. The default for this new option ldap server require strong auth is yes and allows only simple binds over TLS encrypted connections. In consequence, external applications that connect to AD using LDAP, cannot establish a connection if they do not use or support TLS encrypted connections.

Applications connecting to Samba AD using the LDAP protocol without encryption, will display the error message:

ldap_bind: Strong(er) authentication required (8)
    additional info: BindSimple: Transport encryption required.

For further information, see the 4.4.1, 4.3.7, or the 4.2.10 release notes.
Kind regards
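
Added example, not part of the original report and not Samba or JIRA code: a minimal BER sketch of the two LDAP messages behind this request. It builds the StartTLS ExtendedRequest (RFC 4511) that a client sends in-band on port 389 before binding, and decodes a BindResponse carrying result code 8. The function names and the sample response bytes are constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS request name (RFC 4511)
STRONGER_AUTH_REQUIRED = 8                 # the "(8)" in the quoted error message

def tlv(tag, body):
    """Encode one BER element with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    if not 0 < msg_id < 128:
        raise ValueError("this sketch encodes single-byte message IDs only")
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext_req)

def parse_bind_response(msg):
    """Return (resultCode, diagnosticMessage) from a BindResponse LDAPMessage."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, pos = read_tlv(body, 0)
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(resp, 0)        # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(resp, pos)
    _, diag, _ = read_tlv(resp, pos)        # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8")

def needs_transport_encryption(msg):
    """True when the server refused the bind with strongerAuthRequired (8)."""
    return parse_bind_response(msg)[0] == STRONGER_AUTH_REQUIRED

# Constructed sample: the refusal for a simple bind sent without TLS.
SAMPLE_BIND_RESPONSE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61,
    tlv(0x0A, b"\x08") + tlv(0x04, b"") +
    tlv(0x04, b"BindSimple: Transport encryption required.")))
```

A client that only speaks LDAPS never sends the first message; it expects the TLS handshake to start as soon as the TCP connection to port 636 opens.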