[Samba] 3.0 with LDAP backend using SSL/TLS and OpenLDAP 2.1.22-1

Robert Harrison robstar at anotherdimension.net
Fri Aug 22 12:07:22 GMT 2003


Preamble: I was reading in the OpenLDAP faq-o-matic that as of 2.1, LDAP
clients (or specifically the LDAP client libraries) need to know how to
find the certificate when connecting via SSL or TLS.

As of 3.0, I've been getting a Samba internal error when setting ldap ssl
= start tls in the smb.conf file. testparm checks out OK (my Samba server
is configured as a Role_Domain_PDC server). This error occurs when using
smbclient to connect to Samba on the same machine or when attempting to
browse the server using a WinXP Pro SP1 client. Setting ldap ssl = no
eliminates the error and the LDAP backend operates correctly. The error
occurs on Samba 3.0beta2 and Samba 3.0rc1.

I do recall that I used to have a secure connection to the LDAP backend
working with Samba v2.9999... and OpenLDAP 2.0.x; however, I don't want to
downgrade as I like the new features of 3.0.

I was basically wondering whether there is a configuration option that I
am missing? (possibly to do with pointing Samba at the client SSL
certificate to use when connecting via TLS.)

Interestingly, I do have both libgnutls5 (0.8.8-2) and libgnutls7
(0.8.9-2) installed as various software I have depends on one or the other
of these libraries. Samba appears to be linked to libgnutls5.

Other pertinent version info:
OS: Debian testing/unstable kernel 2.4.20-9,
libldap2 2.1.22-1

Snippet of the log.smbd file follows:

[2003/08/22 12:37:33, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 3241 (3.0.0rc1-0 for Debian)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/08/22 12:37:33, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/08/22 12:37:33, 0] lib/util.c:smb_panic(1452)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 3241]
/usr/share/samba/panic-action: line 48: mail: command not found
[2003/08/22 12:37:33, 0] lib/util.c:smb_panic(1460)
  smb_panic(): action returned status 127
[2003/08/22 12:37:33, 0] lib/util.c:smb_panic(1462)
  PANIC: internal error
[2003/08/22 12:37:33, 0] lib/util.c:smb_panic(1469)
  BACKTRACE: 21 stack frames:
   #0 /usr/sbin/smbd(smb_panic+0xc9) [0x81816b5]
   #1 /usr/sbin/smbd [0x8172de2]
   #2 /lib/libc.so.6 [0x401d0c38]
   #3 /usr/lib/libldap.so.2(gnutls_SSL_get_certificate+0x39) [0x400f9c4e]
   #4 /usr/lib/libldap.so.2(ldap_pvt_tls_get_my_dn+0x1e) [0x400f7daf]
   #5 /usr/lib/libldap.so.2(ldap_int_tls_start+0x116) [0x400f8bce]
   #6 /usr/lib/libldap.so.2(ldap_start_tls_s+0xb2) [0x400f8f20]
   #7 /usr/sbin/smbd [0x81d30f1]
   #8 /usr/sbin/smbd [0x81d34c5]
   #9 /usr/sbin/smbd(smbldap_retry_open+0x31) [0x81d3715]
   #10 /usr/sbin/smbd(smbldap_search+0x4e) [0x81d387a]
   #11 /usr/sbin/smbd(smbldap_search_suffix+0x57) [0x81d3ed7]
   #12 /usr/sbin/smbd(smbldap_search_domain_info+0x8c) [0x81d4784]
   #13 /usr/sbin/smbd [0x816726f]
   #14 /usr/sbin/smbd [0x815fa4e]
   #15 /usr/sbin/smbd(make_pdb_context_list+0xc8) [0x815ff2c]
   #16 /usr/sbin/smbd [0x81601f3]
   #17 /usr/sbin/smbd(initialize_password_db+0xe) [0x816057a]
   #18 /usr/sbin/smbd(main+0x32f) [0x81d5c8b]
   #19 /lib/libc.so.6(__libc_start_main+0xac) [0x401bed04]
   #20 /usr/sbin/smbd(chroot+0x31) [0x80768e1]


Any help or suggestions greatly appreciated,
Rob.
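
An added triage sketch, not part of the original post or of Samba: it parses BACKTRACE frames in the format quoted above and reports which library the signal landed in and how smbd reached it. The function names and the rule that the first libc frame is the signal trampoline are assumptions of this example.

```python
import re

# Frames copied from the log.smbd excerpt in the post above (first 11 of 21).
SAMPLE = """\
   #0 /usr/sbin/smbd(smb_panic+0xc9) [0x81816b5]
   #1 /usr/sbin/smbd [0x8172de2]
   #2 /lib/libc.so.6 [0x401d0c38]
   #3 /usr/lib/libldap.so.2(gnutls_SSL_get_certificate+0x39) [0x400f9c4e]
   #4 /usr/lib/libldap.so.2(ldap_pvt_tls_get_my_dn+0x1e) [0x400f7daf]
   #5 /usr/lib/libldap.so.2(ldap_int_tls_start+0x116) [0x400f8bce]
   #6 /usr/lib/libldap.so.2(ldap_start_tls_s+0xb2) [0x400f8f20]
   #7 /usr/sbin/smbd [0x81d30f1]
   #8 /usr/sbin/smbd [0x81d34c5]
   #9 /usr/sbin/smbd(smbldap_retry_open+0x31) [0x81d3715]
   #10 /usr/sbin/smbd(smbldap_search+0x4e) [0x81d387a]
"""

# "#N module(symbol+0xoff) [0xaddr]"; the "(symbol+0xoff)" part is optional.
FRAME = re.compile(
    r"^\s*#(\d+)\s+(\S+?)(?:\((\w+)\+0x[0-9a-f]+\))?\s+\[(0x[0-9a-f]+)\]\s*$")

def parse_frames(text):
    """Return one dict per frame line; symbol is None for stripped frames."""
    return [{"n": int(m.group(1)), "module": m.group(2),
             "symbol": m.group(3), "addr": m.group(4)}
            for m in map(FRAME.match, text.splitlines()) if m]

def triage(frames):
    """Locate the faulting frame and the call path inside its library."""
    # Assumption: frames before the first libc frame belong to smbd's fault
    # handler, and that libc frame is the signal trampoline, so the frame
    # right after it is where the signal was raised.
    sig = next((i for i, f in enumerate(frames)
                if "/libc.so" in f["module"]), None)
    if sig is None or sig + 1 >= len(frames):
        return None
    fault = frames[sig + 1]
    path = []
    for f in frames[sig + 1:]:
        if f["module"] != fault["module"]:
            break
        path.append(f["symbol"])
    # First named frame outside the library: the caller that entered it.
    rest = frames[sig + 1 + len(path):]
    caller = next((f["symbol"] for f in rest if f["symbol"]), None)
    return {"module": fault["module"], "symbol": fault["symbol"],
            "library_path": path[::-1], "entered_from": caller}

if __name__ == "__main__":
    print(triage(parse_frames(SAMPLE)))
```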


