[Samba] [LDAP+SSL+Samba 3.0.2a] pb start tls

SECRET Defense dj_soldate at hotmail.com
Wed Jun 2 13:10:32 GMT 2004

hello !

first of all, I run on a Debian woody (without X), I have an LDAP directory 
(with ssl/tls ok), I have an authentication PAM_LDAP (login only, I have 
no system-auth file) which works with ssl/tls too.

then, now I would like a samba (3.0.2a) which supports SSL/TLS and LDAP (of 

I compiled this version of samba like this:
./configure --with-ldapsam --prefix=/usr/local/samba --with-ssl
make install
NO error!
A testparm says: no error
but when I try to connect my user ldap (called testldap) on my Windows I get 
"the option STARTTLS is not supported" in the log

so I did: ldd /usr/local/samba/sbin/smbd
and I see libldap, liblber, libpam, etc.. but NO libssl... :(

I reconfigured and reinstalled samba like this:
./configure --with-ldap --prefix=/usr/local/samba -enabled-shared 
make install
testparm says: unknown option "ldap port"
it's ok 'coz I have not compiled samba with the option --with-ldapsam.. so I just 
commented this line

and I read the man smb.conf
see this:
default : ldap port = 636 if ldap ssl=on
default : ldap port= 389 if ldap ssl=off

so I put
ldap ssl=off (then I turn on port 389 - the port of TLS)
ldap ssl= start tls (then I want tls)

I try to open a Windows session, and it works!!!!!!!!
or maybe it seems to work..
I can open a session for the user testldap, the ssldump shows me some 
transactions/things on port 389, but (because there is always a BUT) the 
debug of the ldap server (option -d127) doesn't show me any TLS read or 
something like this, and the password of the admin of the LDAP directory is in 

so does it work or not??
Is there someone who has already managed to do samba 3.x+LDAP+SSL/TLS???
is it possible?

So, please can someone help me?? I'm in a training period.. and the time is 
almost finished...

PS: debian woody (without X)
openldap 2.1.23
openssl 0.9.7d
samba 3.0.2a

PPS: my smb.conf

   workgroup = GABY
   netbios name = TESTG
   server string = Samba Server de Gaby
   security = user
   load printers = yes
   printing = cups
   log file = /usr/local/samba/var/log.%m
   max log size = 1000
   socket options = TCP_NODELAY
   local master = yes
   os level = 255
   domain master = yes
   preferred master = yes
   domain logons = yes
   logon path = \\%L\Profiles\%U
   wins support = yes
   dns proxy = no

logon drive = Z:
logon home = \\%L\profiles\%U
passdb backend = ldapsam:ldap://svrldap.tzm.fr
ldap suffix =  dc=tzm_fr
ldap admin dn = cn=admin,dc=tzm_fr
ldap machine suffix = ou=Computers,dc=tzm_fr

ldap user suffix = ou=People,dc=tzm_fr
ldap ssl = start tls
ldap ssl =off

   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700
   directory mask = 0700

   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = no
   writable = no
   share modes = no
   browseable = no

    path = /home/samba/export/profiles
    browseable = no
    guest ok = yes
    writeable = yes
    create mask = 0700
    directory mask = 0700

   comment = All Printers
   path = /tmp
   browseable = no
   guest ok = no
   writable = no
   printable = yes

   comment = Public Stuff
   path = /home/samba/public
   public = yes
   writable = yes

