Bug#411042: [Pkg-samba-maint] Bug#411042: samba -dosen't connect to OpenLDAP

Steve Langasek vorlon at debian.org
Wed Feb 21 00:20:00 CET 2007

On Mon, Feb 19, 2007 at 02:58:17PM +0100, Mgr. Peter Tuharsky wrote:
> The odd thing ("no easy answers TM") is, that despite of the errors in 
> log, the Samba domain WORKS for a little while. Machines and users log 
> on, as if nothing happened. Users get authenticated, network shares are 
> connected. After several tens of seconds (minute or so) smbd dies and 
> domain dies with it.

Are there any log messages when the smbd dies?

> The second odd thing is, that the very LDAP works well too. We can 
> authenticate against LDAP server from SMTP, IMAP and eGroupWare, and 
> local machine user's logon using PAM-LDAP. Just when we run Samba on the 
> server to allow Windows domain logons, the Samba acts as described above..

And all of these other clients are configured to use starttls?

> >How do you have libldap configured to verify the SSL certificates?  If you
> >try to connect to the server with ldapsearch, do you get the same error?
> Please, specify, what kind of info do You need here. I don't understand 
> that.

E.g., an /etc/ldap/ldap.conf on another system I know uses starttls has this

  TLS_CACERT /etc/ldap/cacert.pem

Do you have a similar configuration ensuring the integrity of the SSL
connection?  (It sounds like you must, if other clients connect
successfully, but I just want to be sure.)

And if you connect to the LDAP server using ldapsearch -ZZ -h vedko6.misbb.sk,
does it connect successfully?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the Pkg-samba-maint mailing list