[Samba] Samba StartTLS

steve steve at steve-ss.com
Fri Nov 11 00:31:28 MST 2011


Hi
Scenario:
Lan with opensuse 11.4 Samba and LDAP server. Linux, win-xp and win7 clients. 

The Linux clients can login fine under TLS:

Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 STARTTLS
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 RESULT oid= err=0 text=
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 fd=23 TLS established tls_ssf=256 ssf=256
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=1 BIND dn="" method=128
 <- - - lots of lines cut - - ->
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=3 BIND dn="uid=lynn2,ou=people,dc=site" method=128

The windows clients can login but are denied access to their home folder:

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0] lib/smbldap.c:731(smb_ldap_start_tls)
Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction: Connect error

If smb.conf contains the line:

ldap ssl = start tls

windows clients can login, but are denied access to their home folders. Uncommenting this line and restarting smb allows windows clients both to login and gain access to their home folder.

Summary: Samba without TLS works. Samba with TLS doesn't.

Can I confirm:
1. That LDAP is working.
2. That the CA and server certificates (signed by the CA) are correct.
3. The problem is with smb.conf

and lastly after much googling and reading, can anyone help me get rid of the 
samba tls issue?
Thanks
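A quick way to audit what the two daemons actually did, as an added example that is not part of the post: it walks slapd and smbd syslog lines, records which connections reached "TLS established", counts smbd's "Failed to issue the StartTLS instruction" errors, and flags any non-anonymous BIND on a connection that never negotiated TLS (which is what happens to smbd's own bind once `ldap ssl = start tls` is dropped to get the home folders back). The log lines, the conn=1250 entries and the function name `audit_ldap_tls` are constructed for this example.

```python
import re

# Constructed sample modelled on the slapd/smbd lines quoted in the post.
# conn=1243 is the Linux client (StartTLS, then bind); conn=1250 is an
# assumed smbd bind with no StartTLS, i.e. the password crosses the wire in clear.
SAMPLE_LOG = """\
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 STARTTLS
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 RESULT oid= err=0 text=
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 fd=23 TLS established tls_ssf=256 ssf=256
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=1 BIND dn="" method=128
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=3 BIND dn="uid=lynn2,ou=people,dc=site" method=128
Nov 10 11:20:16 hh1 slapd[1727]: conn=1250 op=0 BIND dn="cn=admin,dc=site" method=128
Nov 10 11:20:16 hh1 slapd[1727]: conn=1250 op=0 RESULT tag=97 err=0 text=
Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction: Connect error
"""

CONN_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) (.*)$')
BIND_RE = re.compile(r'op=\d+ BIND dn="([^"]*)"')
TLS_RE = re.compile(r'TLS established tls_ssf=(\d+)')


def audit_ldap_tls(log_text):
    """Correlate slapd log lines per connection and report:
    - tls_connections: conn id -> TLS ssf negotiated via StartTLS
    - cleartext_binds: (conn id, bind dn) for authenticated binds with no TLS
    - smbd_starttls_failures: how often smbd could not even issue StartTLS
    """
    tls_connections = {}
    cleartext_binds = []
    smbd_failures = 0
    for line in log_text.splitlines():
        if 'Failed to issue the StartTLS instruction' in line:
            smbd_failures += 1
            continue
        m = CONN_RE.search(line)
        if not m:
            continue
        conn, rest = m.group(1), m.group(2)
        tls = TLS_RE.search(rest)
        if tls:
            tls_connections[conn] = int(tls.group(1))
        bind = BIND_RE.search(rest)
        # dn="" is an anonymous bind: no password is sent, so it is not a leak.
        if bind and bind.group(1) and conn not in tls_connections:
            cleartext_binds.append((conn, bind.group(1)))
    return {'tls_connections': tls_connections,
            'cleartext_binds': cleartext_binds,
            'smbd_starttls_failures': smbd_failures}


if __name__ == '__main__':
    for key, value in audit_ldap_tls(SAMPLE_LOG).items():
        print(key, value)
```

Run it against `/var/log/messages` with slapd at loglevel `stats` to see whether smbd's bind DN shows up in `cleartext_binds`; any hit there means the LDAP credential in `smb.conf` is being sent unencrypted until the StartTLS error is fixed.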

