[Samba] secure SSL connection to openldap server fails

Daniel Campbell campbell at on2.com
Tue May 18 17:14:07 GMT 2004

I am having trouble getting the Samba version 3.0.4 to connect securely to
my openldap backend.  I am using straight SSL and not TLS but it still seems
like it is trying to connect using TLS.  The samba and the openldap server
are on the same machine and I can connect to the ldap server using a ldap
browser via ssl without a problem so I know the ldap server is running
correctly.  My config is below, am I missing something or have something
configured wrong?  I used to have this working in the past.  It works fine
if it is not encrypted and I connect to localhost on port 389.  The issue is
eventually these two servers will be on different subnets/machines so I want
to have it use the SSL for security purposes.

        workgroup = MYDOMAIN
        netbios name = MYDOMAINPDC
        server string = DOMAINPDC
        passdb backend = ldapsam:ldaps://
        log file = /var/log/samba/log.%m
        max log size = 10000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        add user script = /usr/local/sbin/smbldap-useradd.pl -m '%u'
        delete user script = /usr/local/sbin/smbldap-userdel.pl %u
        add group script = /usr/local/sbin/smbldap-groupadd.pl -p '%g'
        delete group script = /usr/local/sbin/smbldap-groupdel.pl '%g'
        add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m
'%g' '%u'
        delete user from group script =
/usr/local/sbin/smbldap-groupmod.pl -x '%g' '%u'
        set primary group script = /usr/local/sbin/smbldap-usermod.pl -g
'%g' '%u'
        add machine script = /usr/local/sbin/smbldap-useradd.pl -w '%u'
        logon path = \\%L\Profiles\%U
        domain logons = Yes
        os level = 66
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap suffix = o=sample.com
        ldap machine suffix = ou=users
        ldap user suffix = ou=users
        ldap group suffix = ou=groups
        ldap admin dn = uid=root,ou=users,o=sample.com

More information about the samba mailing list