Hi, I'm using OpenLDAP 2.0.23 and Samba 2.2.4 on a Red Hat 7.2 Linux distribution.
I've compiled with LDAP support and it works fine in clear mode. I've configured Unix auth. in order to use LDAP in TLS mode, and it works also. When I try to use TLS mode (or SSL on 636), it doesn't work. LDAP doesn't seem to have an error (see logs below), but Samba says "Failed to issue the StartTLS instruction: Connect error".

Any idea??? Do I have to use the "--with-ssl" option? It's said no.

##############################################
LDAP CONF:
--------------------------
########################
# certificates and keys
TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem
TLSCertificateFile /opt/openldap/pem/ldapcert.pem
TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem

##############################################
SMB CONF:
--------------------------
# LDAP:
ldap server = obiwan
ldap port = 389
ldap suffix = "ou=samba, dc=obiwan,dc=fr"
# LDAP SSL:
ldap ssl = no
# Root LDAP
ldap admin dn = "cn=Manager,dc=obiwan,dc=fr"

##############################################
SAMBA LOGS
--------------------------
[2002/05/17 16:24:16, 0] passdb/pdb_ldap.c:ldap_open_connection(120)
  Failed to issue the StartTLS instruction: Connect error
[2002/05/17 16:24:16, 1] smbd/password.c:pass_check_smb(545)
  Couldn't find user 'lblin' in passdb.
[2002/05/17 16:24:16, 2] smbd/reply.c:reply_sesssetup_and_X(963)
  NT Password did not match for user 'lblin'!

#############################################
LDAP LOGS:
-------------------------
ldap_pvt_gethostbyname_a: host=obiwan, r=0
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
do_extended
ber_scanf fmt ({a) ber:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
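
One way to check the "no error on the LDAP side" observation against a slapd debug log, added here as an example that is not part of the original post: it groups lines by connid and reports the StartTLS response code and whether the server-side trace reached both Finished messages. The sample log is constructed in the format shown above (the second connection's failure line is invented for contrast), and the failure markers are assumed wording, not taken from the post.

```python
import re

# Constructed sample in the slapd debug format shown in the post.
SAMPLE = """\
connection_get(9): got connid=0
send_ldap_response: msgid=1 tag=120 err=0
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=1
send_ldap_response: msgid=1 tag=120 err=0
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:error in SSLv3 read client key exchange A
"""

CONN = re.compile(r"connection_get\((\d+)\): got connid=(\d+)")
RESP = re.compile(r"send_ldap_response: msgid=\d+ tag=(\d+) err=(\d+)")
TRACE = re.compile(r"TLS trace: (.+)")
# Assumed wording of failure lines in the TLS trace (none appear in the post).
FAIL = ("failed in", "error in", "alert")

def summarize(log_text):
    """Return {connid: summary}. Trace lines are attributed to the most recent
    connection_get, which assumes output from threads is not interleaved."""
    conns, cur = {}, None
    for line in log_text.splitlines():
        if m := CONN.search(line):
            cur = conns.setdefault(int(m.group(2)), {
                "fd": int(m.group(1)), "ext_err": None,
                "states": [], "failures": []})
        elif cur is None:
            continue
        elif m := RESP.search(line):
            if m.group(1) == "120":  # tag 120 (0x78) = ExtendedResponse
                cur["ext_err"] = int(m.group(2))
        elif m := TRACE.search(line):
            msg = m.group(1)
            bad = any(f in msg for f in FAIL)
            cur["failures" if bad else "states"].append(msg)
    for c in conns.values():
        seen = " ".join(c["states"])
        c["handshake_done"] = (not c["failures"] and "read finished A" in seen
                               and "write finished A" in seen)
    return conns

if __name__ == "__main__":
    for cid, c in summarize(SAMPLE).items():
        print(cid, c["fd"], c["ext_err"], c["handshake_done"], c["failures"])
```
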