[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")

Graham Allan allan at physics.umn.edu
Wed Jan 6 18:36:01 UTC 2016


On 01/06/2016 09:53 AM, Graham Allan wrote:
>
> The packet dump is a good idea. I get the same failure using straight
> SSL to port 636, but wireshark might be able to decode any StartTLS
> negotiation attempt on the default port. Failing that I guess I'll
> resort to running smbd in gdb...

tshark tells me the (smbd) client sends a decrypt error (TLS alert code 
51) to the ldap server after receiving the certificate, while the 
working "ldapsearch -ZZ" moves on to client key exchange etc.

Puzzling: it doesn't seem like a certificate validation error; I'd
expect that to result in something like codes 42-48.

Graham
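
Added example (not part of the original post): a small Python parser for the TLS record layer that pulls plaintext alerts out of raw handshake bytes and names them per RFC 5246, which is the decoding tshark did to report code 51 above. The sample bytes are constructed, and the function names are hypothetical.

```python
import struct

# Alert descriptions from RFC 5246 section 7.2 (subset relevant to the post).
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
LEVELS = {1: "warning", 2: "fatal"}

def iter_records(stream: bytes):
    """Yield (content_type, version, payload) for each complete TLS record."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError(f"truncated record header at offset {off}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {off}")
        body = stream[off + 5: off + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {off}")
        yield ctype, (major, minor), body
        off += 5 + length

def find_alerts(stream: bytes):
    """Return [(level, code, name)] for plaintext alerts in the stream."""
    found = []
    for ctype, _version, body in iter_records(stream):
        if ctype == 21 and len(body) == 2:  # encrypted alerts are longer than 2 bytes
            level, code = body
            found.append((LEVELS.get(level, f"level_{level}"), code,
                          ALERTS.get(code, f"unknown_{code}")))
    return found

# Constructed sample: one handshake record with a dummy 4-byte body, followed by
# a fatal alert 51 as a client would send it before encryption is enabled.
SAMPLE = bytes.fromhex("160303000400000000" "1503030002" "0233")

if __name__ == "__main__":
    for level, code, name in find_alerts(SAMPLE):
        print(f"{level} alert {code}: {name}")
```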


