I have the same problem after upgrading. I use start_tls mechanism on port 389 (not 636). After trying some ciphers and doing :
% echo debug 1 >> /etc/libnss-ldap.conf % getent passwd I get: [...] TLS: can't connect: Insufficient credentials for that request.. or TLS: can't connect: A TLS packet with unexpected length was received.. ...depending on ciphers I choose. Then I commented out ciphers line from slapd.conf and libnss-ldap.conf/pam_ldap.conf and it seemed to work...for a second... Postfix sasl authentication over TLS stopped working: warning: SASL authentication failure: size read failed warning: SASL authentication failure: Password verification failed warning: SASL PLAIN authentication failed: generic failure smbd crashes on start: [2008/01/30 01:13:14, 2] lib/smbldap.c:smbldap_open_connection(786) smbldap_open_connection: connection opened [2008/01/30 01:13:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 544 [2008/01/30 01:13:14, 0] lib/fault.c:fault_report(41) =============================================================== [2008/01/30 01:13:14, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 6940 (3.0.28) Please read the Trouble-Shooting section of the Samba3-HOWTO [2008/01/30 01:13:14, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2008/01/30 01:13:14, 0] lib/fault.c:fault_report(45) =============================================================== [2008/01/30 01:13:14, 0] lib/util.c:smb_panic(1633) PANIC (pid 6940): internal error [2008/01/30 01:13:14, 0] lib/util.c:log_stack_trace(1737) BACKTRACE: 20 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0x827c12d] #1 /usr/sbin/smbd(smb_panic+0x5d) [0x827c25d] #2 /usr/sbin/smbd [0x8266e4a] #3 [0x25f2b420] #4 /usr/lib/libldap_r-2.4.so.2(ldap_install_tls+0x22) [0x26a70ff2] #5 /lib/libnss_ldap.so.2 [0x26a242ae] #6 /lib/libnss_ldap.so.2 [0x26a248e6] #7 /lib/libnss_ldap.so.2 [0x26a24f5a] #8 /lib/libnss_ldap.so.2(_nss_ldap_initgroups_dyn+0x24e) [0x26a2731e] #9 /lib/libc.so.6 [0x26264b16] #10 /lib/libc.so.6(getgrouplist+0x59) [0x26264db9] #11 /usr/sbin/smbd [0x829b498] #12 /usr/sbin/smbd(getgroups_unix_user+0x4e) [0x829b54e] #13 /usr/sbin/smbd [0x822ecd4] #14 /usr/sbin/smbd(pdb_enum_group_memberships+0x3c) [0x823017c] #15 /usr/sbin/smbd(make_server_info_sam+0xbc) [0x82c6f3c] #16 /usr/sbin/smbd(init_guest_info+0xb3) [0x82c7b03] #17 /usr/sbin/smbd(main+0x69b) [0x834a8eb] #18 /lib/libc.so.6(__libc_start_main+0xe0) [0x261e8450] #19 /usr/sbin/smbd [0x8093fd1] As I don't have enough knowledge and time to debug this I simply downgraded slapd (and nss-ldap/pam-ldap to a version before rebuilding against libldap-2.4-2) and now everything works fine as before. Regards, Vedran Furač