[Samba] problems with ldap tls

Michael Ott michael at zolnott.de
Tue Feb 18 00:42:51 GMT 2003


Hello!

I have a problem using samba with ldap and tls:

starting ldap using slapd -d1 -h "ldaps://0.0.0.0/"

Why doesn't it work?
using ldap ssl = no working

thanx

Here is my smb.conf:
   ldap server = localhost
   #ldap port = 389
   ldap port = 636
   ldap suffix = o=zolnott,dc=de
   ldap admin dn = uid=ldaproot,o=zolnott,dc=de
   ldap filter = (&(uid=%u)(objectclass=sambaAccount))
   ldap ssl = start_tls

Here is my slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCertificateFile /etc/openldap/www.zolnott.de-ldap-crt.pem
TLSCertificateKeyFile /etc/openldap/www.zolnott.de-ldap-key-nopw.pem

Here is my log.smbd:
[2003/02/18 01:40:12, 0] passdb/pdb_ldap.c:ldap_open_connection(182)
   Failed to issue the StartTLS instruction: Can't contact LDAP server
[2003/02/18 01:40:12, 1] smbd/password.c:pass_check_smb(545)
   Couldn't find user 'drow' in passdb.
[2003/02/18 01:40:12, 2] smbd/reply.c:reply_sesssetup_and_X(975)
   NT Password did not match for user 'drow'!
[2003/02/18 01:40:12, 2] smbd/reply.c:reply_sesssetup_and_X(985)
   Defaulting to Lanman password for drow
[2003/02/18 01:40:12, 0] passdb/pdb_ldap.c:ldap_open_connection(182)
   Failed to issue the StartTLS instruction: Can't contact LDAP server
[2003/02/18 01:40:12, 1] smbd/password.c:pass_check_smb(545)
   Couldn't find user 'drow' in passdb.
[2003/02/18 01:40:12, 1] smbd/reply.c:reply_sesssetup_and_X(1001)
   Rejecting user 'drow': authentication failed
[2003/02/18 01:40:12, 2] smbd/server.c:exit_server(461)
   Closing connections

Here is my slapd-log:
connection_get(9): got connid=4
connection_read(9): checking for input on id=4
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(9): TLS accept error error=-1 id=4, closing
connection_closing: readying conn=4 sd=9 for close
connection_close: conn=4 sd=9
connection_get(9): got connid=5
connection_read(9): checking for input on id=5
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(9): TLS accept error error=-1 id=5, closing
connection_closing: readying conn=5 sd=9 for close
connection_close: conn=5 sd=9


-- 

CU

   Michael                                                      .--.
                                                               |o_o |
--                                                            ||_/ |
   /-----------------------------------------------------\    //   \ \
   |  Michael Ott, Glockenhofstr. 29a, 90478 Nuernberg   |   (|     | )
   | e-mail: michael at ZolnOtt.de, Tel. +49 9 11 41 88 576 |  /'\_   _/`\
   \-----------------------------------------------------/  \___)=(___/
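
Added example, not part of the original post and not Samba or OpenLDAP code: the posted settings pair an `ldaps://` listener (TLS handshake expected as the first bytes) with `ldap ssl = start_tls` (a cleartext LDAP StartTLS request sent first), which matches the "unknown protocol" error in the slapd log. The sketch below builds that first client message and checks a listener URL against an `ldap ssl` value; the function names are hypothetical.

```python
from urllib.parse import urlparse

# OID of the LDAPv3 StartTLS extended operation (RFC 2830)
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

def starttls_request(msg_id=1):
    """BER-encode the ExtendedRequest a StartTLS client sends first, in cleartext."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    ext = b"\x77" + bytes([len(name)]) + name                   # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + ext                  # INTEGER messageID
    return b"\x30" + bytes([len(body)]) + body                  # SEQUENCE LDAPMessage

def first_bytes_kind(data):
    """Classify what a listener sees at the start of a new connection."""
    if data[:2] == b"\x16\x03":
        return "tls-handshake"     # TLS record header: handshake, version 3.x
    if data[:1] == b"\x30":
        return "cleartext-ldap"    # BER SEQUENCE, i.e. an LDAPMessage
    return "unknown"

def check(listener_url, ldap_ssl):
    """Compare a slapd -h listener URL with the smb.conf 'ldap ssl' value."""
    implicit_tls = urlparse(listener_url).scheme == "ldaps"
    mode = ldap_ssl.strip().lower()
    if mode == "start_tls":
        # StartTLS upgrades a plain LDAP connection, so it needs an ldap:// listener.
        if implicit_tls:
            return "mismatch: listener expects a TLS handshake, client sends cleartext LDAP"
        return "ok"
    if mode == "on":
        # 'on' means LDAPS: TLS from the first byte, so it needs an ldaps:// listener.
        if implicit_tls:
            return "ok"
        return "mismatch: client opens with a TLS handshake, listener expects LDAP"
    return "no TLS requested"

if __name__ == "__main__":
    # Values as posted: slapd -h "ldaps://0.0.0.0/" and ldap ssl = start_tls
    print(first_bytes_kind(starttls_request()))
    print(check("ldaps://0.0.0.0/", "start_tls"))
```
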
