Hi,
I've got an old syntax and I can't find what the new syntax might be.

stunnel -c -d localhost:389 -r win2003server:636

(I want to make a tunnel to the SSL port of the Active Directory server to allow password changes.) I've read of a possibility which allows no use of certificates, but it was in the old syntax.
Any input on how to change that syntax?
I thought it might be something like this:

client=yes
foreground=no
accept = 389
connect = win2003server.FME.local

What do I do with this? An upgrade manual speaks of an stunnel.conf file, but this one doesn't exist on my Red Hat Desktop computer. It also says that we have a /usr/local/etc/stunnel dir, but I don't have that either. I only have an /etc/stunnel dir (which is totally empty) and the /usr/sbin/stunnel tool (version 4.05).
thx in advance
christof mestdag wrote:
> client=yes
> foreground=no
> accept = 389
> connect = win2003server.FME.local

client=yes
[active directory]
accept = localhost:389
connect = win2003server:636
Yes, the service name *is* important!
I'm not sure where stunnel.conf should be in your Red Hat. Ask your technical support (or package maintainer). 8-) My guess is: /etc/stunnel/stunnel.conf
Best regards, Mike
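
Added example (not part of the thread and not stunnel's own code): a small Python translator from the old command-line flags in the question to the configuration-file layout shown in the reply. The function names are hypothetical; it handles only -c, -f, -d and -r, accepts numeric ports only, and rejects endpoints that are not in [host:]port form.

```python
import shlex


def check_endpoint(value):
    """Accept '[host:]port'; numeric ports only (a simplification of this example)."""
    port = value.rpartition(":")[2]
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"not a [host:]port endpoint: {value!r}")
    return value


def stunnel3_to_conf(cmdline, service):
    """Translate an old-style stunnel command line into config-file text."""
    args = shlex.split(cmdline)
    if args and args[0].endswith("stunnel"):
        args = args[1:]  # drop the program name
    top, section = [], {}
    it = iter(args)
    for flag in it:
        if flag == "-c":                      # client mode
            top.append("client = yes")
        elif flag == "-f":                    # stay in the foreground
            top.append("foreground = yes")
        elif flag in ("-d", "-r"):            # -d = listen on, -r = forward to
            value = next(it, None)
            if value is None:
                raise ValueError(f"{flag} needs a [host:]port argument")
            section["accept" if flag == "-d" else "connect"] = check_endpoint(value)
        else:
            raise ValueError(f"flag not handled by this example: {flag}")
    missing = [k for k in ("accept", "connect") if k not in section]
    if missing:
        raise ValueError(f"missing {', '.join(missing)} endpoint")
    # Options before the [service] line first, then the named service section.
    body = [f"{key} = {section[key]}" for key in ("accept", "connect")]
    return "\n".join(top + [f"[{service}]"] + body) + "\n"


if __name__ == "__main__":
    # Command line from the question, service name from the reply.
    print(stunnel3_to_conf("stunnel -c -d localhost:389 -r win2003server:636",
                           "active directory"), end="")
```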
Hi, thx for the answer and sorry for the wrong reply (I'm so used to pushing reply :D). I've put an stunnel.conf file in the /etc/stunnel directory with

client=yes
[active directory]
accept=localhost:389
connect=192.168.1.101=636

like you said (the win2003server IP is 192.168.1.101).
I did a ps -ef | grep stunnel, which gave me this output:

root 1218 1 0 15:54 ? 00:00:00 /usr/sbin/stunnel stunnel.conf

So I think it is running normally (I also logged off and checked it without any problem). But the question now is how I can be sure the communication goes through that "tunnel". I checked with the firewall of the server. When I close all ports except 636, the Linux clients fail to work; when I add 389 as well, it works :s. So is it still sending all traffic towards 389?
(What I want is that all traffic which the client wants to send to 389 of the server goes through 636, which is the SSL port, with as few problems with certificates as possible.)
greetz