Is there any way to use realmd to join Active Directory using LDAPS?
I'm in a secured environment and I can't use the default port 389. I searched but didn't find anything.
realm discover/join on port 636
Re: realm discover/join on port 636
realm discover -v XXX.local
* Resolving: _ldap._tcp.XXX.local
* Performing LDAP DSE lookup on: 10.X.X.X
! Can't contact LDAP server
* Performing LDAP DSE lookup on: 10.Y.Y.Y
! Can't contact LDAP server
csf is configured to allow communication with domain controllers.
telnet:
# telnet XXX.local 389
Trying 10.X.X.X...
telnet: connect to address 10.X.X.X: Connection refused
Trying 10.Y.Y.Y...
telnet: connect to address 10.Y.Y.Y: Connection refused
Trying 10.Z.Z.Z...
telnet: connect to address 10.Z.Z.Z: Connection refused
==================
# telnet XXX.local 636
Trying 10.X.X.X...
Connected to XXX.local.
Escape character is '^]'.
Re: realm discover/join on port 636
I'd be pretty sure that if it uses port 389 at all then it's using STARTTLS immediately to switch to encrypted traffic. Reading man sssd-ldap says "If you want to authenticate against an LDAP server either TLS/SSL or LDAPS is required. sssd does not support authentication over an unencrypted channel". I'd guess that you can find the info you want in that man page though.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
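The two encrypted transports named in the sssd-ldap man page quote above, written out as an sssd.conf domain section. This is an added example, not from the thread and not what `realm join` generates (realmd writes an `id_provider = ad` domain); the host name `dc1.XXX.local`, the search base and the CA file path are placeholders.

```ini
# Added example: sssd LDAP provider with an encrypted channel.
# dc1.XXX.local, the search base and the CA path are placeholders.
[domain/XXX.local]
id_provider = ldap
auth_provider = ldap
ldap_search_base = dc=XXX,dc=local

# Option A: LDAPS, TLS from the first byte on port 636.
# Matches the environment in this thread, where 389 is refused and 636 connects.
# The host name must match a name in the domain controller's certificate.
ldap_uri = ldaps://dc1.XXX.local:636

# Option B: STARTTLS upgrade on port 389 (use instead of Option A
# where 389 is reachable).
# ldap_uri = ldap://dc1.XXX.local
# ldap_id_use_start_tls = true

# Certificate validation, applies to either option.
# "demand" rejects the connection if the server certificate cannot be verified.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ad-ca.pem
```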
Re: realm discover/join on port 636
Indeed!
Thanks TrevorH