[Samba] Samba 2.2.5 and LDAP start_tls

Hardi Gunawan hardigunawan at inbox.lv
Fri Aug 23 18:00:00 GMT 2002


Yes, doing "ldapsearch -x -ZZ -v -d3 | less" does give me the objects in my 
ldap directory.  In fact, I can use the openldap with postfix using tls.  I'm 
authenticating through PAM using tls too.  So I'm confused as to why it 
doesn't work with Samba 2.2.5 (it was working with Samba 2.2.4).

From Samba-LDAP-PDC-HOWTO, it's said that there's a bug with the start_tls of 
Samba's pdb_ldap.c, which will cause the error:

StartTLS not supported by LDAP client libraries!

I did apply the patch in that HOWTO, but I get the error below in my previous 
email.


On Friday 23 August 2002 21:31, Guenther Deschner wrote:
> hi,
>
> have you tested your certificate? the FQDN of the LDAP-server has to be
> filled in the cn= field.
> assuming you're using linux and openldap you can check it with
> "ldapsearch -x -ZZ -v -d3 | less"
>
> if you do see your objects then tls in general should be fine.
> please note that openldap 2.1.x no longer accepts
> self-signed-certificates.
>
> hth,
> guenther
>
> On Fri, Aug 23, 2002 at 04:52:08PM +0800, Hardi Gunawan wrote:
> > Hi,
> >
> > I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl =
> > start_tls. I've already patched the file pdb_ldap.c and configure.in and
> > run autoconf (as described in the Samba-LDAP-PDC howto).
> >
> > However, doing a rpcclient servername -U root%password -c "enumprinters"
> > shows this in the log:
> >
> > [2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
> >   Failed to issue the StartTLS instruction: Connect error
> > [2002/08/23 16:50:44, 1] smbd/password.c:pass_check_smb(545)
> >   Couldn't find user 'root' in passdb.
> > [2002/08/23 16:50:45, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
> >   Failed to issue the StartTLS instruction: Connect error
> > [2002/08/23 16:50:45, 1] smbd/password.c:pass_check_smb(545)
> >   Couldn't find user 'root' in passdb.
> > [2002/08/23 16:50:45, 1] smbd/reply.c:reply_sesssetup_and_X(998)
> >   Rejecting user 'root': authentication failed
> >
> > Has anyone experienced this?
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
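
An added example (not part of either poster's message and not Samba code): a short Python triage script over the two-line smbd log layout quoted above, separating logon rejections that directly follow a StartTLS failure in `ldap_open_connection` from other rejections. The `alice` entry, the function names and the 5-second window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Sample in the smbd layout quoted in the thread: a header
# "[timestamp, level] file:function(line)", then an indented message.
# The 'root' records come from the thread; the 'alice' record is constructed.
SAMPLE_LOG = """\
[2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
  Failed to issue the StartTLS instruction: Connect error
[2002/08/23 16:50:44, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user 'root' in passdb.
[2002/08/23 16:50:45, 1] smbd/reply.c:reply_sesssetup_and_X(998)
  Rejecting user 'root': authentication failed
[2002/08/23 17:02:10, 1] smbd/reply.c:reply_sesssetup_and_X(998)
  Rejecting user 'alice': authentication failed
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+"
                    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)")
REJECT = re.compile(r"Rejecting user '([^']*)': authentication failed")

def parse_records(text):
    """Attach each indented message line to the header line above it."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and raw.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + raw.strip()).strip()
    return records

def classify_rejections(records, window=timedelta(seconds=5)):
    """Label a rejection 'ldap_starttls_failure' when a StartTLS error was
    logged at most `window` earlier (assumed threshold), else leave it open."""
    results, last_tls_failure = [], None
    for rec in records:
        when = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
        if rec["func"] == "ldap_open_connection" and "StartTLS" in rec["msg"]:
            last_tls_failure = when
            continue
        m = REJECT.search(rec["msg"])
        if m:
            down = last_tls_failure is not None and when - last_tls_failure <= window
            cause = "ldap_starttls_failure" if down else "credentials_or_unknown"
            results.append((rec["ts"], m.group(1), cause))
    return results

if __name__ == "__main__":
    for row in classify_rejections(parse_records(SAMPLE_LOG)):
        print(*row)
```
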



