This is a discussion on Re: [Samba] Samba + LDAP + TLS within the Samba forums, part of the Networking and Network Related category.

Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jukka Hienola wrote:
>
> | So, our name server was unavailable this morning due
> | to OS update. Division's Samba and LDAP services are
> | running on same server, and Samba is using TLS in
> | connecting to LDAP service. Because some of the network
> | names were not resolvable, I changed "passdb backend =
> | ldapsam:ldap://ldap.server.name/" to "passdb backend =
> | ldapsam:ldap://127.0.0.1/" in smb.conf, although I have
> | ldap.server.name also in /etc/hosts, just in case. In
> | file /etc/nsswitch.conf I have line "hosts: files dns".
> | After I restarted Samba, I just couldn't login to
> | domain anymore either with any machine or domain user accounts.
> | Samba gave me errors like
> |
> | smbd[1956]: [2005/10/24 11:03:17, 0]
> | lib/smbldap.c:smbldap_open_connection(677)
> | smbd[1956]: Failed to issue the StartTLS instruction: Connect error
>
> My immediate guess would be that the connect failed due to
> a mismatch in the server name's cert. Make sure you can
> run 'ldapsearch -ZZ -h 127.0.0.1 ...'
>

Yes I can. Any other way to connect to LDAP service via TLS works fine
except Samba.

Jukka
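
An added example, not part of the thread and not Samba's or OpenLDAP's code: a simplified name check illustrating the kind of mismatch Jerry's reply guesses at, where the server certificate names ldap.server.name but the passdb backend URI points at 127.0.0.1. The certificate dicts are constructed (shaped like Python's `ssl.getpeercert()` output) and all function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificates, shaped like ssl.getpeercert() output.
CERT_DNS_ONLY = {"subject": ((("commonName", "ldap.server.name"),),),
                 "subjectAltName": (("DNS", "ldap.server.name"),)}
CERT_WITH_IP = {"subject": ((("commonName", "ldap.server.name"),),),
                "subjectAltName": (("DNS", "ldap.server.name"),
                                   ("IP Address", "127.0.0.1"))}

def ldapsam_host(passdb_backend):
    """Host part of a 'ldapsam:ldap://host/' passdb backend value."""
    scheme, _, uri = passdb_backend.partition(":")
    if scheme != "ldapsam":
        raise ValueError("not an ldapsam backend: %r" % passdb_backend)
    return urlsplit(uri).hostname

def cert_names(cert):
    """(kind, value) names a client would compare the host against."""
    names = [n for n in cert.get("subjectAltName", ())
             if n[0] in ("DNS", "IP Address")]
    if not names:  # simplified fallback: use the CN only when no SAN is usable
        names = [("DNS", v) for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return names

def dns_match(host, pattern):
    """Case-insensitive match; '*' allowed only as the whole leftmost label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def host_matches(host, cert):
    """True if the host used in the URI is covered by a name in the cert."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, so compare as a DNS name
    for kind, value in cert_names(cert):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and dns_match(host, value):
            return True
    return False

if __name__ == "__main__":
    for backend in ("ldapsam:ldap://ldap.server.name/",
                    "ldapsam:ldap://127.0.0.1/"):
        host = ldapsam_host(backend)
        print(backend, "->", host_matches(host, CERT_DNS_ONLY))
```

How strictly a given client enforces this depends on its own TLS settings, so the same URI can pass in one tool and fail in another.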