[Samba] Samba + LDAP + TLS

Gerald (Jerry) Carter jerry at samba.org
Mon Oct 24 12:53:33 GMT 2005


Jukka Hienola wrote:

| So, our name server was unavailable this morning due
| to OS update. Division's Samba and LDAP services are
| running on same server, and Samba is using TLS in
| connecting to LDAP service. Because some of the network
| names were not resolvable, I changed "passdb backend =
| ldapsam:ldap://ldap.server.name/" to "passdb backend =
| ldapsam:ldap://127.0.0.1/" in smb.conf, although I have
| ldap.server.name also in /etc/hosts, just in case. In
| file /etc/nsswitch.conf I have line "hosts:      files dns".
| After I restarted Samba, I just couldn't login to
| domain anymore either with any machine or domain user accounts.
| Samba gave me errors like
|
| smbd[1956]: [2005/10/24 11:03:17, 0]
| lib/smbldap.c:smbldap_open_connection(677)
| smbd[1956]:   Failed to issue the StartTLS instruction: Connect error

My immediate guess would be that the connect failed due to
a mismatch in the server name's cert.  Make sure you can
run 'ldapsearch -ZZ -h 127.0.0.1 ...'

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."               --anonymous

