2 questions about start_tls (was: Re: [Samba] TLS and ldap referals)

Thierry Lacoste lacoste at miage.univ-paris12.fr
Thu Jul 26 19:17:15 GMT 2007

> > When I shut down the PDC, log on to a Windows client and update my password
> > I get a "domain unavailable error" as expected.
> > When I restart the master and do it again, everything is OK.
> > Therefore I guess the referral is chased and TLS is used, or did I miss
> > something?
I miserably screwed up my test. Sorry for the noise.
It appears that I'm unable to make my BDC chase referrals (with or
without TLS) though an ldapmodify gives me the correct referrals.
I'm going back to docs ...
> From man smb.conf:
>               Default: ldap ssl = start_tls
This still puzzles me.
In certain situations (e.g. SSL certificate problem)
when I put explicitly "ldap ssl = start_tls" in my smb.conf I have
[2007/07/26 16:43:28, 0] lib/smbldap.c:smb_ldap_start_tls(546)
  Failed to issue the StartTLS instruction: Connect error
When I remove it everything is fine.
Do I misunderstand the word "Default"?

