[Samba] Samba + LDAP + TLS

Jukka Hienola jukka.hienola at hitsyscon.com
Mon Oct 24 18:25:02 GMT 2005


Gerald (Jerry) Carter wrote:

> Jukka Hienola wrote:
>
> | So, our name server was unavailable this morning due
> | to an OS update. Division's Samba and LDAP services are
> | running on the same server, and Samba is using TLS in
> | connecting to the LDAP service. Because some of the network
> | names were not resolvable, I changed "passdb backend =
> | ldapsam:ldap://ldap.server.name/" to "passdb backend =
> | ldapsam:ldap://127.0.0.1/" in smb.conf, although I have
> | ldap.server.name also in /etc/hosts, just in case. In
> | file /etc/nsswitch.conf I have the line "hosts:      files dns".
> | After I restarted Samba, I just couldn't log in to the
> | domain anymore either with any machine or domain user accounts.
> | Samba gave me errors like
> |
> | smbd[1956]: [2005/10/24 11:03:17, 0]
> | lib/smbldap.c:smbldap_open_connection(677)
> | smbd[1956]:   Failed to issue the StartTLS instruction: Connect error
>
> My immediate guess would be that the connect failed due to
> a mismatch in the server name's cert.  Make sure you can
> run 'ldapsearch -ZZ -h 127.0.0.1 ...'
>
Yes I can. Any other way to connect to LDAP service via TLS works fine 
except Samba.

Jukka
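
The name check behind the certificate-mismatch guess quoted above, as an added example that is not part of the original thread and is not Samba's or OpenLDAP's code. It is a simplified RFC 6125-style matcher; the certificate contents in CERT are constructed, since the thread never shows the real certificate.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed certificate names (assumption: issued to the DNS name only).
CERT = {"dns": ["ldap.server.name"], "ip": [], "cn": "ldap.server.name"}

def uri_host(passdb_backend):
    """Extract the host from a value such as 'ldapsam:ldap://127.0.0.1/'."""
    scheme, _, uri = passdb_backend.partition(":")
    if scheme != "ldapsam":
        raise ValueError("not an ldapsam backend")
    host = urlparse(uri.strip('"')).hostname
    if not host:
        raise ValueError("no host in LDAP URI")
    return host

def dns_match(pattern, host):
    """Case-insensitive compare; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, host):
    """True if the host string the client connects to is named in the cert."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared with iPAddress SAN entries, never DNS names.
        return any(ipaddress.ip_address(e) == ip for e in cert["ip"])
    if cert["dns"]:
        return any(dns_match(d, host) for d in cert["dns"])
    # The CN is consulted only when the cert carries no dNSName entries.
    return bool(cert["cn"]) and dns_match(cert["cn"], host)

def check(passdb_backend, cert=CERT):
    """Return (host taken from the URI, whether the cert covers it)."""
    host = uri_host(passdb_backend)
    return host, cert_matches(cert, host)

if __name__ == "__main__":
    for value in ("ldapsam:ldap://ldap.server.name/", "ldapsam:ldap://127.0.0.1/"):
        print(value, "->", check(value))
```

Under that assumption, a URI that keeps ldap.server.name (resolved through /etc/hosts) still passes the check, while the 127.0.0.1 URI passes only if the certificate also lists that address as an iPAddress subjectAltName.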

