Outils pour utilisateurs
samba_ad
Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
| samba_ad [2025/05/28 13:25] – huracan | samba_ad [2025/05/28 13:37] (Version actuelle) – [Obtaining the LDAPS Certificate from the Active Directory Server] huracan | ||
|---|---|---|---|
| Ligne 163: | Ligne 163: | ||
| ===== How to retrieve a LDAPS certificate ===== | ===== How to retrieve a LDAPS certificate ===== | ||
| - | Using OpenSSL on Any Platform to Create the LDAPS Certificate from the AD Server | + | ==== Using OpenSSL on Any Platform to Create the LDAPS Certificate from the AD Server |
| Using OpenSSL should work with any Active Directory Server platform. (Windows, Linux etc.). The example below, uses OpenSSL 1.1.0h 27 Mar 2018. If having difficulties using another version of OpenSSL, consult the appropriate OpenSSL documentation. | Using OpenSSL should work with any Active Directory Server platform. (Windows, Linux etc.). The example below, uses OpenSSL 1.1.0h 27 Mar 2018. If having difficulties using another version of OpenSSL, consult the appropriate OpenSSL documentation. | ||
| Ligne 169: | Ligne 169: | ||
| Requirements: | Requirements: | ||
| - | | + | * Openssl |
| - | FQDN or IP of the Active Directory Server | + | |
| - | LDAPS certificate installed in the Active Directory Server certificate store | + | |
| Steps: | Steps: | ||
| - | | + | -1 Run the following command from your local computer: |
| - | openssl s_client -showcerts -connect <ip or fqdn of your active directory server>: | + | |
| - | In the output, copy the certificate portion of the output to a text file | + | |
| - | rtal | + | openssl s_client -showcerts -connect <ip or fqdn of your active directory server>: |
| + | |||
| + | -2 In the output, copy the certificate portion of the output to a text file | ||
| + | |||
| + | {{ : | ||
| 3. Save the text file as my_ldaps_cert.pem. | 3. Save the text file as my_ldaps_cert.pem. | ||
| Ligne 185: | Ligne 187: | ||
| The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | ||
| - | Using Openssl on a Linux Platform to obtain the LDAPS certificate from the AD server | + | ==== Using Openssl on a Linux Platform to obtain the LDAPS certificate from the AD server |
| Requirements: | Requirements: | ||
| - | | + | * Openssl installed on your Linux computer |
| - | FQDN or IP of the Active Directory Server | + | |
| - | LDAPS certificate installed in the Active Directory Server certificate store | + | |
| Perform the following steps: | Perform the following steps: | ||
| - | | + | - 1 Enter the following command from your Linux computer: |
| - | openssl s_client -showcerts -connect <fqdn of your ldap server>: | + | |
| - | Example: | + | |
| - | openssl s_client -showcerts -connect mydc.mycompany.com: | + | |
| - | Upload my_ldaps_cert.pem to the PCoIP Management Console. See Installing an Active Directory Certificate in the PCoIP Management Console Administrators' | + | Example: |
| + | |||
| + | | ||
| + | |||
| + | - 2 Upload my_ldaps_cert.pem to the PCoIP Management Console. See Installing an Active Directory Certificate in the PCoIP Management Console Administrators' | ||
| The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | ||
| - | Obtaining the LDAPS Certificate from the Active Directory Server | + | ==== Obtaining the LDAPS Certificate from the Active Directory Server |
| The example below has been successfully tried on both Windows 2008 R2 and Windows 2016 Active Directory servers. Consult with your Active Directory documentation for official methods on obtaining the LDAPs certificate for use in your deployment. | The example below has been successfully tried on both Windows 2008 R2 and Windows 2016 Active Directory servers. Consult with your Active Directory documentation for official methods on obtaining the LDAPs certificate for use in your deployment. | ||
| Ligne 209: | Ligne 215: | ||
| Requirements: | Requirements: | ||
| - | | + | * FQDN or IP of the Active Directory Server |
| - | Administrator username and password of the Active Directory Server | + | |
| - | LDAPS certificate installed in the Active Directory Server certificate store | + | |
| Perform the following steps: | Perform the following steps: | ||
| - | | + | |
| - | Launch mmc.exe. | + | - Launch mmc.exe. |
| - | From the Console, click on File > Add/Remove Snap-in | + | - From the Console, click on File > Add/Remove Snap-in |
| - | In the Add or Remove Snap-ins, select Certificates, | + | - In the Add or Remove Snap-ins, select Certificates, |
| - | | + | - Liste numérotéeIn |
| - | In the Select Computer dialog, select Local computer: (the computer this console is running on), then click Finish. | + | - In the Select Computer dialog, select Local computer: (the computer this console is running on), then click Finish. |
| - | In the Add or Remove Snap-ins window, click OK. | + | - In the Add or Remove Snap-ins window, click OK. |
| - | In the Console, in the left pane, browse to Certificates (Local Computer) > Personal > Certificates. Choose the correct LDAPS certificate. This is the certificate with the following information: | + | - In the Console, in the left pane, browse to Certificates (Local Computer) > Personal > Certificates. Choose the correct LDAPS certificate. This is the certificate with the following information: |
| - | Issued To: <the fqdn of your LDAP server> | + | |
| - | Issued By: <The Certificate Authority where your admin requested the certificate from> | + | |
| - | Right-click on the certificate and click All Tasks > Export. | + | - Right-click on the certificate and click All Tasks > Export. |
| - | In the Certificate Export Wizard, do the following: | + | - In the Certificate Export Wizard, do the following: |
| - | Select not to export the private key | + | |
| - | Choose Base-64 encoded X.509 file format | + | |
| - | Save the certificate as my_ldaps_cert.pem. | + | |
| The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | ||
samba_ad.1748431534.txt.gz · Dernière modification : 2025/05/28 13:25 de huracan
Outils de la page
Sauf mention contraire, le contenu de ce wiki est placé sous les termes de la licence suivante : CC Attribution-Share Alike 4.0 International
