[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")

Graham Allan allan at physics.umn.edu
Thu Jan 7 15:59:18 UTC 2016

On 1/6/2016 5:04 PM, John Hixson wrote:
> On Tue, Jan 05, 2016 at 05:35:21PM -0600, Graham Allan wrote:
>> I know this is something which should have a simple fix but I'm failing
>> to see it somehow.
>> I'm moving samba service between a couple of FreeBSD systems (9.3 to
>> 10.2), and I'm stuck on getting samba on the new machine to connect to
>> our openldap server over ssl - frustrating since I've been running
>> samba+ldap for 15 years or so; feel sure I'm missing something basic!
>> I'm getting the traditional error of "Failed to issue the StartTLS
>> instruction: Connect error".
>> I've tried this with two versions of samba: 3.6.25 (same version as the
>> working installation on the older server) and 4.2.3, and get the same
>> issue with both.
> I work on FreeNAS and have at least one complaint about this exact same
> issue. I'm interested in a solution (or reason for this) as well.
> - John

That's interesting. Maybe it makes me feel better that I might not be 
missing something stupid...

Are the complaints related to the beta version of FreeNAS (based on 
FreeBSD 10.x)? I've never had any problems on 9.x. I have the same 
version of samba on each, built in tinderbox with identical options, and 
only the 10.x version has this issue for me.

The only pertinent difference I can think of is that 9.x uses openssl 
0.9.8, while 10.x uses 1.0.1, but since the openldap client libraries 
themselves work fine with ssl on both, it's hard to point the finger at 


