[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")
Graham Allan
allan at physics.umn.edu
Fri Jan 8 21:00:56 UTC 2016
I've followed this through with every idea I can grasp at so far without
much luck.
I hacked up a quick 30-line C program to connect to ldap using the same
URI and credentials as used in samba - works fine.
When I follow the execution of smbd in gdb, the problem occurs when calling:

    ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn,
                       ldap_state->bind_secret);

in smbldap_connect_system (smbldap.c), which returns:

    failed to bind to server ldaps://ldap1.spa.umn.edu with
    dn="cn=admin,dc=physics,dc=umn,dc=edu" Error: Can't contact LDAP server
    error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib

I'm debugging this with samba 3.6 just because it's simpler and with
fewer dependencies than 4.x.
In gdb I can examine ldap_state->bind_dn and ldap_state->bind_secret,
and see that they are the same as my simple test program. gdb won't show
me ldap_struct, but it appears to be set up by:

    ldap_initialize(ldap_struct, uri)

in smb_ldap_setup_conn, where I can see that uri is also the same as my
working test program.
So I'm at a loss to explain why it can fail. My test program doesn't
call ldap_set_option at all, so maybe something smbd does there might
explain it?
I believe the original poster on this thread is describing the same
issue (but no resolution):
https://forums.freebsd.org/threads/samba-openldap-tls-problems.44179/
G.
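
The OpenSSL line in the error output above can be unpacked to see which library and function reported the failure. The C below is an added example, not part of the original post or of Samba; it assumes the OpenSSL 1.0.x/1.1.x error-code layout, and the `ossl_*` names are hypothetical.

```c
/* Added example (not from the post or from Samba): unpack an OpenSSL error line.
 * Assumption: OpenSSL 1.0.x/1.1.x layout, code = lib(8 bits) | func(12) | reason(12). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ossl_err {                       /* hypothetical type for this example */
    unsigned long code;
    unsigned lib, func, reason;
    char lib_txt[64], func_txt[64], reason_txt[64];
};

/* Subset of the ERR_LIB_* numbers from openssl/err.h; NULL if not listed here. */
static const char *ossl_lib_name(unsigned lib) {
    static const struct { unsigned n; const char *s; } t[] = {
        {4, "RSA"}, {6, "EVP"}, {9, "PEM"}, {11, "X509"}, {13, "ASN1"}, {20, "SSL"} };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        if (t[i].n == lib) return t[i].s;
    return NULL;
}

/* Parse "error:HHHHHHHH:lib text:function:reason text"; 0 on success, -1 if malformed. */
static int ossl_err_parse(const char *line, struct ossl_err *e) {
    char hex[9] = "";
    memset(e, 0, sizeof *e);
    if (sscanf(line, "error:%8[0123456789ABCDEFabcdef]:%63[^:]:%63[^:]:%63[^\r\n]",
               hex, e->lib_txt, e->func_txt, e->reason_txt) != 4 || strlen(hex) != 8)
        return -1;
    e->code   = strtoul(hex, NULL, 16);
    e->lib    = (unsigned)((e->code >> 24) & 0xff);   /* ERR_GET_LIB    */
    e->func   = (unsigned)((e->code >> 12) & 0xfff);  /* ERR_GET_FUNC   */
    e->reason = (unsigned)(e->code & 0xfff);          /* ERR_GET_REASON */
    return 0;
}

/* Reasons below 64 are global; one equal to a library number is ERR_R_<X>_LIB,
 * meaning the function failed because a call into library <X> failed. */
static const char *ossl_err_nested_lib(const struct ossl_err *e) {
    return e->reason < 64 ? ossl_lib_name(e->reason) : NULL;
}

int main(void) {
    struct ossl_err e;
    const char *line = "error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib";
    if (ossl_err_parse(line, &e) != 0) return 1;   /* line copied from the post */
    const char *n = ossl_err_nested_lib(&e);
    printf("lib=%u func=%u reason=%u nested=%s\n", e.lib, e.func, e.reason, n ? n : "-");
    return 0;
}
```

For the line in the post this gives library 13 (ASN1), function code 197 (ASN1_item_verify) and reason 6, a failure passed up from the EVP library.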