hi,
have you tested your certificate? the FQDN of the LDAP-server has to be
filled in the cn= field.
assuming you're using linux and openldap you can check it with
"ldapsearch -x -ZZ -v -d3 | less"
if you do see your objects then tls in general should be fine.
please note that openldap 2.1.x no longer accepts
self-signed-certificates.
hth,
guenther
On Fri, Aug 23, 2002 at 04:52:08PM +0800, Hardi Gunawan wrote:
> Hi,
>
> I've a problem in connecting samba 2.2.5 to LDAP with ldap ssl = start_tls.
> I've already patched the file pdb_ldap.c and configure.in and run autoconf (as
> described in the Samba-LDAP-PDC howto).
>
> However, doing a rpcclient servername -U root%password -c "enumprinters" shows
> this in the log:
>
> [2002/08/23 16:50:44, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
> Failed to issue the StartTLS instruction: Connect error
> [2002/08/23 16:50:44, 1] smbd/password.c:pass_check_smb(545)
> Couldn't find user 'root' in passdb.
> [2002/08/23 16:50:45, 0] passdb/pdb_ldap.c:ldap_open_connection(181)
> Failed to issue the StartTLS instruction: Connect error
> [2002/08/23 16:50:45, 1] smbd/password.c:pass_check_smb(545)
> Couldn't find user 'root' in passdb.
> [2002/08/23 16:50:45, 1] smbd/reply.c:reply_sesssetup_and_X(998)
> Rejecting user 'root': authentication failed
>
> Has anyone experienced this?
--
Guenther Deschner guenther.deschner@suse.de
SuSE Linux AG GnuPG: 8EE11688
Berliner Str. 27 phone: +49 (0) 30 / 430944778
D-13507 Berlin fax: +49 (0) 30 / 43732804
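
As an added example (not part of the original messages, nor Samba or OpenLDAP code), a small shell helper that checks the two certificate properties raised in the reply above: that the subject cn= equals the LDAP server's FQDN, and that the certificate is not self-signed. The function names, `server.pem` and `ldap.example.com` are assumptions.

```shell
#!/bin/sh
# Added example; function names, server.pem and ldap.example.com are assumptions.
# Usage: check_cert server.pem ldap.example.com

# Print the CN from an RFC 2253 style DN such as "CN=host,O=Org,C=DE".
# Simple split on ","; assumes no attribute value contains an escaped comma.
cn_from_dn() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *[Cc][Nn]=//p' | head -n 1
}

# Lowercase a string so hostname comparison is case-insensitive.
lower() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]'
}

# Succeed when the CN of DN $1 equals the FQDN $2.
cn_matches() {
    [ "$(lower "$(cn_from_dn "$1")")" = "$(lower "$2")" ]
}

# Succeed when subject DN $1 and issuer DN $2 are identical (self-signed by name).
is_self_signed() {
    [ "$1" = "$2" ]
}

# check_cert PEMFILE FQDN
# Returns 0 only if the CN matches the FQDN and the certificate is not self-signed.
check_cert() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || {
        echo "cannot read certificate: $1" >&2
        return 2
    }
    cc_subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    cc_iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    cc_rc=0
    if cn_matches "$cc_subj" "$2"; then
        echo "OK   cn=$(cn_from_dn "$cc_subj") matches $2"
    else
        echo "FAIL cn=$(cn_from_dn "$cc_subj") does not match $2"
        cc_rc=1
    fi
    if is_self_signed "$cc_subj" "$cc_iss"; then
        echo "WARN subject and issuer are identical: self-signed certificate"
        cc_rc=1
    fi
    return $cc_rc
}
```

Run it against the certificate file the LDAP server is configured to present, passing the same hostname the Samba host uses to reach that server.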