samba: removal of "ldap ssl ads" smb.conf option

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux
  • samba > 4.8.0

Issue

The smb.conf option ldap ssl ads, which enables LDAP over TLS for Samba servers integrated into an Active Directory domain, was already deprecated in Samba v4.8 and has been removed upstream. The option will eventually be removed in future versions of Samba shipped with Red Hat Enterprise Linux, and it is strongly recommended not to use it anymore.

Resolution

By default Samba uses the Simple Authentication and Security Layer (SASL) framework to sign LDAP traffic exchanged with Microsoft Active Directory domain controllers on the default LDAP port 389. To also encrypt the traffic, please use the option client ldap sasl wrapping=seal in /etc/samba/smb.conf.

Diagnostic Steps

Using the testparm utility shows that this option is deprecated:

# testparm 
WARNING: The "ldap ssl ads" option is deprecated
...
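
The following audit script is an added example, not part of the original article or of Samba. It checks a single smb.conf for the deprecated option and for the sealing setting recommended above, matching parameter names the way smb.conf does (case and whitespace ignored), which a plain grep for "ldap ssl ads" would miss. The function name audit_smb_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one smb.conf file for the deprecated "ldap ssl ads"
# option and for the "client ldap sasl wrapping = seal" setting.
# Limits (assumptions of this sketch): only the [global] section of the given
# file is read; "include" files and backslash continuations are not followed.

audit_smb_conf() {
    awk '
        /^[ \t]*([#;]|$)/ { next }              # comment or blank line
        /^[ \t]*\[/ {                           # section header
            section = tolower($0)
            gsub(/[ \t\r]/, "", section)        # "[ Global ]" -> "[global]"
            next
        }
        section == "[global]" {
            eq = index($0, "=")
            if (eq == 0) next
            # smb.conf ignores case and whitespace in parameter names, so
            # "LDAP SSL ADS" and "ldapsslads" name the same option.
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "ldapsslads") deprecated = 1
            if (key == "clientldapsaslwrapping") wrapping = val
        }
        END {
            # The article states that signing is the default when nothing is set.
            if (wrapping == "") wrapping = "sign (default)"
            if (deprecated) print "FAIL: deprecated \"ldap ssl ads\" is set"
            if (wrapping != "seal") print "FAIL: client ldap sasl wrapping = " wrapping ", expected seal"
            if (deprecated || wrapping != "seal") exit 1
            print "OK: ldap ssl ads absent, client ldap sasl wrapping = seal"
        }
    ' "$1"
}

# Constructed sample input, not a real configuration.
sample=$(mktemp)
printf '%s\n' '[global]' '   LDAP SSL ADS = yes' '   workgroup = EXAMPLE' > "$sample"
audit_smb_conf "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

On a live system, testparm remains the authoritative check because it evaluates the configuration as Samba itself loads it.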

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.