[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")

Graham Allan allan at physics.umn.edu
Thu Jan 7 16:40:26 UTC 2016

On 01/06/2016 03:54 PM, Lee Brown wrote:
> That's about the stage I can never dig deeper into.  OK, so we know
> application X is having an SSL failure, so how can we crank up the SSL
> verbosity?  Typically I can use openssl s_client to get a clue, although
> you can't always do that either (PostgreSQL for example).

Unfortunately (in this case), openssl s_client seems perfectly happy 
with connecting to the ldap server - though of course I can only test 
ldaps on port 636 with this; I don't believe s_client knows how to 
initiate a TLS session with openldap.

As both ldap+TLS and ldaps fail for me in smbd, I've been treating them 
as equivalent so far. I guess I could dig more into the ldaps connection 
type as I did for TLS, with tshark and gdb; maybe something different 
will present itself...


