I'm trying to get Samba to use StartTLS when talking to my LDAP servers, but I've run into a problem. We use a round-robin DNS setup for our LDAP servers, so the certificate name doesn't match the name Samba is calling them. This isn't a problem for OpenLDAP/nss_ldap, because I can specify: TLS_REQCERT never ...in their various config files. For Samba I can't seem to find a parallel configuration option, so I keep getting: [2007/01/18 11:00:29, 0] lib/smbldap.c:smb_ldap_start_tls(546) Failed to issue the StartTLS instruction: Connect error Is it possible to tell Samba not to check the cert names? I really don't care about the identity assurance part of TLS, I just want encryption. Thanks! Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University ---------------------------- Never send mail to thobrux@nebrwesleyan.edu