[Samba] accessing LDAP via SSL

Ullrich Rieger Ullrich.Rieger at syngenio.de
Fri Feb 15 09:15:04 GMT 2002


Hi there,

I have Samba 2.2.3a configured to access openLDAP 2.0.18 for
authentication. The authentication via ldap protocol works fine. Then I
tried to enable SSL to connect samba with the LDAP server. Calling
smbpasswd generates this:

#/usr/local/samba/bin/smbpasswd atuttle -D9
New SMB password:
Retype new SMB password:
ldap_open_connection: connection opened
Bind failed: Can't contact LDAP server
Failed to find entry for user atuttle.
Failed to modify password entry for user atuttle

Both options for "ldap ssl" fail: "on" as well as "start_tls".

There is communication between ldap and samba on the right port, here's
the ldap output for ldap ssl=on:

connection_get(10): got connid=2
connection_read(10): checking for input on id=2
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
neither TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=2, closing.
connection_closing: readying conn=2 sd=10 for close
connection_close: conn=2 sd=10
TLS trace: SSL3 alert write:warning:close notify# Global parameters

my smb.conf looks like this:

[global]
        workgroup = MYGROUP
        encrypt passwords = Yes
        log level = 10
        preferred master = False
        domain master = False
        ldap server = server.syngenio.de
        ldap suffix = ou=People,dc=syngenio,dc=de
        ldap admin dn = cn=Manager,dc=syngenio,dc=de

Is there something I might have configured wrong?
I configured ssh to authenticate via LDAP using SSL and it works fine.

TIA
Ullrich Rieger



