Bug#411042: [Pkg-samba-maint] Bug#411042: samba -dosen't connect to
Mgr. Peter Tuharsky
tuharsky at misbb.sk
Mon Feb 19 14:58:17 CET 2007
Steve Langasek wrote / napísal(a):
> On Mon, Feb 19, 2007 at 07:31:25AM +0100, Mgr. Peter Tuharsky wrote:
>> Steve Langasek wrote / napísal(a):
>>> On Thu, Feb 15, 2007 at 01:36:51PM +0100, Mgr. Peter Tuharsky wrote:
>>>> We've had a working Samba/LDAP domain based on Sarge. Now we're trying
>>>> to move to Etch. We recycled old configs, or modified the new ones to be
>>>> Now, when I start Samba, it seems it cannot connect the LDAP server.
>>>> I've got these errors in log:
>>>> Failed to issue the StartTLS instruction: Connect error
>>>> Connection to LDAP server failed for the 1 try!
>>>> Soon, the smbd exits.
>>> Could you please post your smb.conf?
>> Of course. Here You are.
> Ok, nothing seems out of the ordinary here, that's too bad -- no easy answer
The odd thing ("no easy answers TM") is, that despite of the errors in
log, the Samba domain WORKS for a little while. Machines and users log
on, as if nothing happened. Users get authenticated, network shares are
connected. After several tens of seconds (minute or so) smbd dies and
domain dies with it.
The second odd thing is, that the very LDAP works well too. We can
authenticate against LDAP server from SMTP, IMAP and eGroupWare, and
local machine user's logon using PAM-LDAP. Just when we run Samba on the
server to allow Windows domain logons, the Samba acts as described above..
>> passdb backend = ldapsam:"ldap://vedko6.misbb.sk:389"
> Are the quotes necessary here? I'm not sure that removing them would make
> any difference.
We'll try to remove the quotes, however it works with them in Sarge well.
>> # 070215: Povodne bolo:
>> # ldap ssl = start_tls
>> # Lenze vraj Samba 3.x nepodporuje LDAP over SSL, iba ldap_start_tls
>> # takze to vraj ma byt bez podtrhovnika start tls:
>> # a niektori dokonca uvadzaju ldap ssl = off
>> ldap ssl = start tls
> Well, that seems it really ought to be sufficient, yes.
> How do you have libldap configured to verify the SSL certificates? If you
> try to connect to the server with ldapsearch, do you get the same error?
Please, specify, what kind of info do You need here. I don't understand
Tomorow, we will try to remove the TLS, since the LDAP and Samba domain
are running on the same machine. As TLS encrypts just the communication
between them (hopefully, AFAIK???), it seems it is not needed there
(???). This is just a workaround however, and not everybody can afford it.
More information about the Pkg-samba-maint