[Samba] Samba LDAP user adding

Buchan Milne bgmilne at cae.co.za
Thu Jan 30 10:24:09 GMT 2003

> Date: Wed, 29 Jan 2003 15:36:57 -0600 (CST)
> From: "Gerald (Jerry) Carter" <jerry at samba.org>
> To: Jim Wharton <jwharton at acpafl.org>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba LDAP user adding
> Message-ID: <Pine.LNX.4.44.0301291536030.18022-100000 at queso.plainjoe.org>
> In-Reply-To: <6BF04299B3649344A5074AA9DF734DE012BAA9 at ad.acpa.net>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> MIME-Version: 1.0
> Precedence: list
> Message: 14

>>> I just installed samba 2.2.7 on Mandrake 9 with OpenLDAP support. I have set
>>> up OpenLDAP and everything is cool. When I try to add a user I get:

If you are using RPMs (such as from
http://ranger.dnsalias.com/mandrake/samba) Note that there is a path
setting in the default /etc/samba/smbldap_conf.pm that is incorrect,
mkntpwd is in /usr/sbin and not /usr/local/sbin

>>> [root at luna openldap]# smbpasswd -a jim
>>> New SMB password:
>>> Retype new SMB password:
>>> Failed to issue the StartTLS instruction: Connect error
>>> Failed to issue the StartTLS instruction: Connect error
>>> Failed to add entry for user jim.
>>> Failed to modify password entry for user jim
>>> so I jumped in to smb.conf and disabled ldap ssl = start tls. Then I got:
> ldap ssl default to "on" which implies LDAPS.  if you want clear text 
> communication, you need to set "ldap ssl = off"

Preferred option would be to fix ssl or tls, which requires that you
generate an ssl cert with the hostname on it that matches the hostname
set in smb.conf (and /etc/ldap.conf if you want to tls/ssl for

Jerry, you are aware that samba defaults to using port 636 for tls when
(AFIAK) it should be using port 389?

(hint if you want to use tls, you need to set:
ldap ssl = start_tls
ldap port = 389

|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list