[Samba] Samba StartTLS

zoolook nbensa at gmail.com
Sat Nov 12 13:34:05 MST 2011

Hi Steve,

2011/11/12 steve <steve at steve-ss.com>:

> My smb conf looks like this:
> passdb backend =  ldapsam:ldap://hh1.site
> idmap backend = ldap:ldap://hh1.site
> ldap ssl = start tls

Looks right.

> hh1.site is my FQDN and is also the CN for the CA and servercerts.


> But I'm wondering. Since the samba and ldap servers are both on the same
> box, is that why TLS isn't working?

Nope. But you could disable ssl/tls in that case: "ldap ssl = off"

> Because it doesn't make sense to have
> it?

It doesn't make sense to use ssl/tls connections in your case, but it
is not the cause of your setup not working.

> There is no communication between samba and ldap over the network as
> they are both on the same machine. Would this explain the errors:


> However, they can connect with:
> in
> /etc/openldap/ldap.conf

Yes, because you're missing your CA. If you want samba to connect
to openldap over tls/ssl, you need something like this:

TLS_CACERT /path/to/your/ca.crt

> Confused!

Basically you either need to disable tls (ldapsam:ldap://.... and ldap
ssl = off) or put your CA in your samba server and tell ldap where to
find it.
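The CA check described in this reply, as an added example that is not part of the original thread: a POSIX shell script that reads TLS_CACERT from the OpenLDAP client config (the /etc/openldap/ldap.conf named above), verifies that the file it points at is readable, and then uses `ldapsearch -ZZ` so the lookup fails rather than silently falling back to plaintext when StartTLS does not succeed. The host name hh1.site comes from the thread; the function names and the LDAP_CONF variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): verify the CA setting Samba's LDAP
# client relies on, then require a successful StartTLS to the directory.

# OpenLDAP client config; the thread names /etc/openldap/ldap.conf.
LDAP_CONF="${LDAP_CONF:-/etc/openldap/ldap.conf}"

# Print the TLS_CACERT value from a ldap.conf-style file (keywords are
# case-insensitive, comment lines start with '#'); print nothing if unset.
tls_cacert_from_conf() {
    awk '$1 !~ /^#/ && toupper($1) == "TLS_CACERT" { print $2; exit }' "$1"
}

# Return 0 if the config names a readable CA cert,
#        1 if TLS_CACERT is missing (certificate verification will fail),
#        2 if the named file cannot be read.
check_tls_cacert() {
    ca=$(tls_cacert_from_conf "$1")
    if [ -z "$ca" ]; then
        echo "no TLS_CACERT in $1: StartTLS will fail certificate verification" >&2
        return 1
    fi
    if [ ! -r "$ca" ]; then
        echo "TLS_CACERT $ca is not readable" >&2
        return 2
    fi
    echo "TLS_CACERT $ca"
    return 0
}

# -ZZ makes ldapsearch insist on StartTLS succeeding, so an error here points
# at the CA/cert setup rather than at a silent plaintext connection.
test_starttls() {
    ldapsearch -ZZ -x -H "ldap://$1" -s base -b "" '(objectClass=*)' namingContexts
}

# Stand-alone use: ./check-ldap-tls.sh hh1.site
if [ -n "$1" ]; then
    check_tls_cacert "$LDAP_CONF" && test_starttls "$1"
fi
```

The CA file must be the one that issued the server certificate presented by hh1.site; the subject CN of that certificate has to match the host name used in the `ldap://` URI, otherwise StartTLS still fails after the CA is found.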
