[Samba] Samba 2.2.5 and LDAP start_tls
Hardi Gunawan
hardigunawan at inbox.lv
Fri Aug 23 18:00:00 GMT 2002
Yes, doing "ldapsearch -x -ZZ -v -d3 | less" does give me the objects in my
ldap directory. In fact, I can use the openldap with postfix using tls. I'm
authenticating through PAM using tls too. So I'm confused as to why it
doesn't work with Samba 2.2.5 (It was working with Samba 2.2.4)
From Samba-LDAP-PDC-HOWTO, it's said that there's a bug with the start_tls of
Samba's pdb_ldap.c, which will cause the error:
StartTLS not supported by LDAP client libraries!
I did apply the patch in that HOWTO, but I get the error below in my previous
email.
On Friday 23 August 2002 21:31, Guenther Deschner wrote:
> hi,
>
> have you tested your certificate? the FQDN of the LDAP-server has to be
> filled in the cn= field.
> assuming you're using linux and openldap you can check it with
> "ldapsearch -x -ZZ -v -d3 | less"
>
> if you do see your objects than tls in general should be fine.
> please note that openldap 2.1.x no longer accepts
> self-signed-certificates.
>
> hth,
> guenther
>
> On Fri, Aug 23, 2002 at 04:52:08PM +0800, Hardi Gunawan wrote:
> > Hi,
> >
> > I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl =
> > start_tls. I've already patched the file pdb_ldap.c and configure.in and
> > run autconf (as described in the Samba-LDAP-PDC howto).
> >
> > However, doing a rpcclient servername -U root%password -c "enumprinters"
> > shows this in the log:
> >
> > [2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
> > Failed to issue the StartTLS instruction: Connect error
> > [2002/08/23 16:50:44, 1] smbd/password.c:pass_check_smb(545)
> > Couldn't find user 'root' in passdb.
> > [2002/08/23 16:50:45, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
> > Failed to issue the StartTLS instruction: Connect error
> > [2002/08/23 16:50:45, 1] smbd/password.c:pass_check_smb(545)
> > Couldn't find user 'root' in passdb.
> > [2002/08/23 16:50:45, 1] smbd/reply.c:reply_sesssetup_and_X(998)
> > Rejecting user 'root': authentication failed
> >
> > Has anyone experienced this?
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list