Connection to the Active Directory Domain Controller on SAMBA
Hello,
I am using FSPMS version 13.12 and linking to an AD domain on WS2008R2 with no problem using the FSPMC console with LDAP://servername.domain.
However, if I want to connect to the Active Directory Domain Controller on SAMBA, I get the message "Could not connect to the domain server. Check that you entered all necessary information correctly." Has anyone tried to connect to AD on SAMBA?
The error fragment from the Administrator.error.log file:
java.util.concurrent.ExecutionException: com.fsecure.fsa.ad.ldap.LdapException: Could not connect to the domain server. Check that you entered all necessary information correctly.
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:192)
at javax.swing.SwingWorker.get(SwingWorker.java:602)
at com.fsecure.fspmc.ui.adsync.AddressAndCredentialsPage$1.done(AddressAndCredentialsPage.java:115)
at javax.swing.SwingWorker$5.run(SwingWorker.java:737)
at javax.swing.SwingWorker$DoSubmitAccumulativeRunnable.run(SwingWorker.java:832)
at sun.swing.AccumulativeRunnable.run(AccumulativeRunnable.java:112)
at javax.swing.SwingWorker$DoSubmitAccumulativeRunnable.actionPerformed(SwingWorker.java:842)
at javax.swing.Timer.fireActionPerformed(Timer.java:313)
at javax.swing.Timer$DoPostEvent.run(Timer.java:245)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:756)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:726)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:109)
at java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
at java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:235)
at java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:233)
at java.security.AccessController.doPrivileged(Native Method)
at java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:233)
at java.awt.Dialog.show(Dialog.java:1084)
at com.fsecure.common.awt.FDialog.show(FDialog.java:250)
at com.fsecure.common.awt.WizardDialog.show(WizardDialog.java:190)
at com.fsecure.common.awt.WizardDialog.start(WizardDialog.java:185)
at com.fsecure.common.awt.WizardDialog.start(WizardDialog.java:177)
at com.fsecure.fspmc.ui.adsync.ActiveDirectoryView.createRule(ActiveDirectoryView.java:400)
at com.fsecure.fspmc.ui.adsync.ActiveDirectoryView.createSyncRule(ActiveDirectoryView.java:392)
at com.fsecure.fspmc.ui.adsync.ActiveDirectoryView$9.actionPerformed(ActiveDirectoryView.java:381)
at com.fsecure.fspmc.ui.installation.ActionItem.lambda$new$0(ActionItem.java:85)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252)
at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:289)
at java.awt.Component.processMouseEvent(Component.java:6533)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
at java.awt.Component.processEvent(Component.java:6298)
at java.awt.Container.processEvent(Container.java:2237)
at java.awt.Component.dispatchEventImpl(Component.java:4889)
at java.awt.Container.dispatchEventImpl(Container.java:2295)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4889)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4526)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4467)
at java.awt.Container.dispatchEventImpl(Container.java:2281)
at java.awt.Window.dispatchEventImpl(Window.java:2746)
at java.awt.Component.dispatchEvent(Component.java:4711)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
at java.awt.EventQueue$4.run(EventQueue.java:731)
at java.awt.EventQueue$4.run(EventQueue.java:729)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)
Comments
-
Hello,
> if I want to connect to the Active Directory Domain Controller on SAMBA
What is the version of Samba and what is the underlying OS: such exacting technical information would be important for any answer.
On the other hand, Samba is a kind of hack, a reverse engineered project, so official support is probably not provided for connectivity with that, only bona fide Microsoft AD.
Best regards: Tamas Feher, Hungary.
0 -
Hello ZS,
PM was not ever tested with SAMBA, but in theory LDAP should work...
Please check Policy Manager Server fspms-webapp-errors.log for corresponding exception, it should contain details about the reason.
BR,
Alexander
0 -
The Samba version is 4.7.6-Ubuntu; the OS version is Ubuntu 18.04.1 LTS.
Errors from the fspms-webapp-errors.log file:
This is the error when I try to connect using LDAP://
04.03.2019 11:52:23,920 ERROR [c.f.f.s.a.LdapDirectoryServiceImpl] - Failed to perform LDAP(S) query
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - BindSimple: Transport encryption required.]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3145) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_152]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_152]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_152]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_152]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_152]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.getDefaultNamingContext(LdapDirectoryServiceImpl.java:166) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.getLdapContext(LdapDirectoryServiceImpl.java:127) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.query(LdapDirectoryServiceImpl.java:85) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.query(LdapDirectoryServiceImpl.java:74) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
and this is when using LDAPS://
04.03.2019 11:54:20,564 ERROR [c.f.f.s.a.LdapDirectoryServiceImpl] - Failed to perform LDAP(S) query
javax.naming.CommunicationException: AD1.DOMAIN.LOCAL:636
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_152]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_152]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_152]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_152]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_152]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.getDefaultNamingContext(LdapDirectoryServiceImpl.java:166) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.getLdapContext(LdapDirectoryServiceImpl.java:127) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.query(LdapDirectoryServiceImpl.java:85) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.query(LdapDirectoryServiceImpl.java:74) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
0 -
Could you please provide the full exception that happened at 04.03.2019 11:54:20,564 (from the second spoiler), including “Caused by”?
0 -
Of course, here it is:
04.03.2019 11:54:20,564 ERROR [c.f.f.s.a.LdapDirectoryServiceImpl] - Failed to perform LDAP(S) query
javax.naming.CommunicationException: AD1.DOMAIN.LOCAL:636
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_152]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_152]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_152]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_152]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_152]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_152]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.getDefaultNamingContext(LdapDirectoryServiceImpl.java:166) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.getLdapContext(LdapDirectoryServiceImpl.java:127) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.query(LdapDirectoryServiceImpl.java:85) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at com.fsecure.fspms.service.adrules.LdapDirectoryServiceImpl.query(LdapDirectoryServiceImpl.java:74) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at sun.reflect.GeneratedMethodAccessor1123.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338) ~[spring-aop-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197) ~[spring-aop-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.remoting.support.RemoteInvocationTraceInterceptor.invoke(RemoteInvocationTraceInterceptor.java:78) ~[spring-context-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185) ~[spring-aop-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212) ~[spring-aop-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at com.sun.proxy.$Proxy193.query(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_152]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_152]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:215) ~[spring-context-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:39) ~[spring-context-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78) ~[spring-context-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114) ~[spring-context-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at com.fsecure.commons.java.spring.remoting.httpinvoker.StreamHttpInvokerServiceExporter.handleRequest(StreamHttpInvokerServiceExporter.java:61) ~[commons-java-spring-1-SNAPSHOT.jar:18.48.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:53) ~[spring-webmvc-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991) ~[spring-webmvc-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925) ~[spring-webmvc-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:978) ~[spring-webmvc-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:881) ~[spring-webmvc-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) ~[javax.servlet-api-3.1.0.jar:3.1.0]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:855) ~[spring-webmvc-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[javax.servlet-api-3.1.0.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848) ~[jetty-servlet-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) ~[jetty-servlet-9.3.22.v20171030.jar:9.3.22.v20171030]
at com.fsecure.fspms.notification.BayeuxClientIdFilter.doFilter(BayeuxClientIdFilter.java:35) ~[fspms-webapp-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) ~[jetty-servlet-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at com.fsecure.commons.java.spring.session.SessionTerminationFilter.doFilter(SessionTerminationFilter.java:52) ~[commons-java-spring-1-SNAPSHOT.jar:18.48.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) ~[spring-security-web-3.2.10.RELEASE.jar:?]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.1.RELEASE.jar:5.0.1.RELEASE]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) ~[jetty-servlet-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) ~[jetty-servlet-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) ~[jetty-security-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) ~[jetty-servlet-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) ~[jetty-rewrite-9.3.22.v20171030.jar:9.3.22.v20171030]
at com.fsecure.fspms.jetty.RewriteHandlerWithAsyncSupport.handle(RewriteHandlerWithAsyncSupport.java:30) ~[fspms-jetty-connectors-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at com.fsecure.fspms.jetty.SingleConnectorHandler.handle(SingleConnectorHandler.java:33) ~[fspms-jetty-connectors-1-SNAPSHOT.jar:13.12.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.StatisticsHandler.handle(StatisticsHandler.java:169) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.Server.handle(Server.java:534) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) ~[jetty-server-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) ~[jetty-io-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) ~[jetty-io-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:251) ~[jetty-io-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) ~[jetty-io-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) ~[jetty-io-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) ~[jetty-io-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) ~[jetty-util-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) ~[jetty-util-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) ~[jetty-util-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) ~[jetty-util-9.3.22.v20171030.jar:9.3.22.v20171030]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) ~[jetty-util-9.3.22.v20171030.jar:9.3.22.v20171030]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) ~[?:1.8.0_152]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:1.8.0_152]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_152]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:1.8.0_152]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_152]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_152]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_152]
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376) ~[?:1.8.0_152]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[?:1.8.0_152]
... 108 more
Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
at com.fsecure.fsa.ad.ldap.CompositeX509TrustManager.checkServerTrusted(CompositeX509TrustManager.java:45) ~[commons-java-ldap-1-SNAPSHOT.jar:18.48.84149 (origin/release/pm-13.10#b2b527ca, 1543583231529)]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985) ~[?:1.8.0_152]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_152]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_152]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_152]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_152]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_152]
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376) ~[?:1.8.0_152]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[?:1.8.0_152]
... 108 more
0 -
That’s the reason:
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
I’d suggest checking the certificate at your LDAPS port, for instance by running “openssl.exe s_client -connect AD1.DOMAIN.LOCAL:636”, which dumps the certificate to the console. If you save this certificate dump to a *.crt file, the certificate viewer will allow you to check all details.
To make LDAPS work, you need to establish a trust relationship between PM and SAMBA (by changing the LDAPS certificate, importing the certificate’s CA to the PM, or both).
If Policy Manager is installed on a Windows host, PM uses the system’s Trusted Root CA. As for PM running on Linux, please check the following Admin Guide page: https://help.f-secure.com/product.html#business/policy-manager/14.00/en/task_A2581FFE289649E6A64D0BE5182E86AF-14.00-en
1 -
Thanks to the help, it worked.
1. I checked the AD server certificate, then from the directory:
openssl s_client -showcerts -connect ad1.domain.local:636
cd /usr/local/samba/private/tls ## if you compiled samba from sources
cd /var/lib/samba/private/tls ## if you installed samba from repos
2. I copied the certificate and converted it from *.pem to *.crt:
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
and finally, according to the instructions:
3. Run the following command to go to Policy Manager's JRE directory:
cd /opt/f-secure/fspms/jre/
4. Run keytool to apply the certificate:
./bin/keytool -importcert -keystore ./lib/security/cacerts -file /tmp/crt/server.crt
keytool prompts you to enter a password. Use the default keystore password, changeit.
5. Enter yes when asked if you trust this certificate, and press Enter.
6. Restart the Policy Manager service:
/etc/init.d/fspms restart
Samba from version 4 uses LDAPS to connect
5 -
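An added example, not part of the original posts: before the import in step 4, this check confirms that the certificate presented on the LDAPS port is byte-identical to the PEM file copied from Samba's tls directory, and formats its SHA-256 fingerprint the way keytool displays it at the trust prompt. The function names and the sample files are hypothetical, and the sample payloads are constructed placeholder bytes, not real certificates.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: script.sh s_client-output.txt cert.pem
# where the first file is saved output of "openssl s_client -showcerts".

# Print the first PEM certificate block in a file. In s_client output the
# first block is the server (leaf) certificate.
first_pem_block() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
         inside { print }
         inside && /-----END CERTIFICATE-----/ { exit }' "$1"
}

# SHA-256 over the DER bytes of the first certificate in a file.
# Fails on a missing file, a missing block, or a truncated block.
pem_sha256() {
    pem_block=$(first_pem_block "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pem_block" | grep -q -e '-----END CERTIFICATE-----' || return 1
    pem_body=$(printf '%s\n' "$pem_block" | grep -v -e '-----' | tr -d ' \t\r\n')
    [ -n "$pem_body" ] || return 1
    printf '%s' "$pem_body" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Return 0 only if both files carry the same certificate; 2 if unreadable.
same_certificate() {
    fp_wire=$(pem_sha256 "$1") || return 2
    fp_disk=$(pem_sha256 "$2") || return 2
    [ "$fp_wire" = "$fp_disk" ]
}

# Format lowercase hex as AB:CD:..., matching keytool's fingerprint display.
keytool_style() {
    printf '%s\n' "$1" | tr 'abcdef' 'ABCDEF' | sed 's/../&:/g; s/:$//'
}

# Constructed sample files (placeholder payloads, not real certificates).
write_constructed_samples() {
    cat > "$1/wire.txt" <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ad1.domain.local
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = constructed CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
EOF
    # Same leaf, but wrapped differently and with CRLF line endings.
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNU' \
        'RUQtTEVBRg==' '-----END CERTIFICATE-----' > "$1/disk.pem"
    # A different certificate, and a capture cut off before the END line.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtT0xE' \
        '-----END CERTIFICATE-----' > "$1/other.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RS' > "$1/truncated.pem"
}

if [ "$#" -eq 2 ]; then
    if same_certificate "$1" "$2"; then
        echo "match, SHA256: $(keytool_style "$(pem_sha256 "$2")")"
    else
        echo "mismatch or unreadable certificate: do not import" >&2
        exit 1
    fi
fi
```

The value printed on a match can be compared with the SHA256 fingerprint keytool shows before you answer yes in step 5.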
Great! Thank you for the update!
0