[Samba] Samba with OpenLDAP: Failed to issue the StartTLS instruction: Connect error

Marcos Vinicius Buzo annihil4tor at gmail.com
Mon Sep 29 01:23:55 GMT 2008

Hi all. I am trying to set up samba with openldap with TLS. I have
configured other applications such as nss_ldap and smbldap-tools to work
correctly with TLS support.

When I try to run smbpasswd, I get the following message:

Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 1 try!

My box is a FreeBSD 7-RELEASE with samba 3.0.32 and OpenLDAP 2.3.43.

Here are my smb.conf ldap settings:

  ldap admin dn = "uid=sysuser,dc=mydomain,dc=com,dc=br"
  ldap group suffix = ou=Groups
  ldap idmap suffix = ou=Idmap
  ldap machine suffix = ou=Computers
  ldap passwd sync = Yes
  ldap suffix = dc=mydomain,dc=com,dc=br
  ldap ssl = start tls
  ldap user suffix = ou=People
  idmap backend = ldap:ldap:// (Also tried the FQDN)
  idmap uid = 5000-50000
  idmap gid = 5000-50000
  ldapsam:editposix = no
  ldapsam:trusted = no

If I do not use TLS it works fine.
I looked at the man pages, and I did not find any settings for the CA
certificate. Is it necessary here?
