Hi,
I had a plain samba4 domain and the host name was mdc01. Then I got in contact with ucs and fell in love . Thanks for that
I used the domain takeover to the new server ucs01. 99% worked great (thanks again for that )
But I notice, that new user cannot login. sssd rejects the connection via ldaps, since it contacts mdc01 and gets an certificate with cn=ucs01:
dennis@linux:~ $ env LDAPTLS_CACERT=./ldapserver.pem ldapsearch -d1 -x -H ldaps://mdc01.domain.tld/ -D "Administrator@domain.tld" -W sAMAccountName=du
ldap_url_parse_ext(ldaps://mdc01.domain.tld/)
ldap_create
ldap_url_parse_ext(ldaps://mdc01.domain.tld:636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP mdc01.domain.tld:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.5.101:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: hostname (mdc01.domain.tld) does not match common name in certificate (ucs01.domain.tld).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
As far as I see my options are now:
- re-issue the certificate to mdc01
- re-issue the certificate with a SAN certificate
- rename the server and reinstall samba like this: Changing HOSTNAME on UCS , but Iâm not sure, if the ldap data will survive
Are there any other options, a preferred way or what are your opinions regarding this?
Best regards!