[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")
allan at physics.umn.edu
Wed Jan 6 18:36:01 UTC 2016
On 01/06/2016 09:53 AM, Graham Allan wrote:
> The packet dump is a good idea. I get the same failure using straight
> SSL to port 636, but wireshark might be able to decode any StartTLS
> negotiation attempt on the default port. Failing that I guess I'll
> resort to running smbd in gdb...
tshark tells me the (smbd) client sends a decrypt error (TLS alert code
51) to the ldap server after receiving the certificate, while the
working "ldapsearch -ZZ" moves on to client key exchange etc.
Puzzling: it doesn't seem like a certificate validation error; I'd
expect that to result in something like codes 42-48.
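
The check described in the message above, as an added example that is not part of the original post: walk the plaintext TLS records of a handshake, list the handshake messages seen, and report whether the first alert falls in the 42-48 range the poster mentions. The function names and the SAMPLE bytes are constructed for illustration; alert and handshake numbers are from RFC 5246.

```python
import struct

# Alert descriptions from RFC 5246 section 7.2 (subset relevant here).
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error",
}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone", 16: "ClientKeyExchange"}

def walk_records(stream):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record at offset %d" % pos)
        yield ctype, payload
        pos += 5 + length

def summarize(stream):
    """Return (handshake messages seen, first plaintext alert or None)."""
    seen, alert = [], None
    for ctype, payload in walk_records(stream):
        if ctype == 22:  # handshake; one record may carry several messages
            off = 0
            while off + 4 <= len(payload):
                mlen = int.from_bytes(payload[off + 1:off + 4], "big")
                seen.append(HANDSHAKE.get(payload[off], "type_%d" % payload[off]))
                off += 4 + mlen
        elif ctype == 21 and len(payload) == 2:  # unencrypted alert: level, description
            level, desc = payload
            alert = {"level": "fatal" if level == 2 else "warning",
                     "name": ALERTS.get(desc, "alert_%d" % desc),
                     "in_42_48_range": 42 <= desc <= 48}
            break
    return seen, alert

def _rec(ctype, body):  # helper used only to build the constructed sample
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def _hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample in capture order: server flight, then the client's fatal alert 51.
SAMPLE = _rec(22, _hs(2, b"\0" * 4) + _hs(11, b"\0" * 8)) + _rec(21, bytes([2, 51]))
```

Alerts sent after ChangeCipherSpec are encrypted and will not have a two-byte payload, so this sketch only reports alerts raised during the plaintext part of the handshake.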