Active Directory - 11.3-U5 START_TLS not using any TLS

[6uellerbpanda]

hi

we recently upgraded from 11.2 to 11.3 and it seems that no TLS encryption like with 11.2 is possible anymore with Active Directory ?

We're connecting to another Samba DC Server. The integration itself is working fine but just without any TLS.
I tried "Encryption Mode" to "On" and "START_TLS" but examining the traffic via tcpdump reveals that no TLS packets or whatsoever encryption is used at all.
Like it has no meaning at all :)

Is somebody else experiencing this or I'm missing something here ?

 

[anodos]

hi

we recently upgraded from 11.2 to 11.3 and it seems that no TLS encryption like with 11.2 is possible anymore with Active Directory ?

We're connecting to another Samba DC Server. The integration itself is working fine but just without any TLS.
I tried "Encryption Mode" to "On" and "START_TLS" but examining the traffic via tcpdump reveals that no TLS packets or whatsoever encryption is used at all.
Like it has no meaning at all :)

Is somebody else experiencing this or I'm missing something here ?

In 11.3 we switched authentication to use kerberos. 12.0 the LDAP python bindings were removed entirely for AD plugin (relying instead on libads / winbindd).

 

[6uellerbpanda]

In 11.3 we switched authentication to use kerberos. 12.0 the LDAP python bindings were removed entirely for AD plugin (relying instead on libads / winbindd).

ok so what you're saying is that "Encryption Mode" has no meaning anymore at all ?
and there's now way anymore to add tls on top of it ?