I just installed samba 2.2.7 on Mandrake 9 with OpenLDAP support. I have set up OpenLDAP and everything is cool. When I try to add a user I get:

[root@luna openldap]# smbpasswd -a jim
New SMB password:
Retype new SMB password:
Failed to issue the StartTLS instruction: Connect error
Failed to issue the StartTLS instruction: Connect error
Failed to add entry for user jim.
Failed to modify password entry for user jim

so I jumped in to smb.conf and disabled ldap ssl = start tls. Then I got:

[root@luna openldap]# smbpasswd -a jim
New SMB password:
Retype new SMB password:
LDAPS option set...!
ldap_connect_system: Binding to ldap server as "cn=root,dc=dsc,dc=mine,dc=nu"
Bind failed: Can't contact LDAP server
LDAPS option set...!
ldap_connect_system: Binding to ldap server as "cn=root,dc=dsc,dc=mine,dc=nu"
Bind failed: Can't contact LDAP server
Failed to add entry for user jim.
Failed to modify password entry for user jim

I am kinda at a loss here. Sorry for being so vague but can anyone give me any ideas of what to check out?

Jim

On Wed, 29 Jan 2003, Jim Wharton wrote:

> I just installed samba 2.2.7 on Mandrake 9 with OpenLDAP support. I have set
> up OpenLDAP and everything is cool. When I try to add a user I get:
>
> [root@luna openldap]# smbpasswd -a jim
> New SMB password:
> Retype new SMB password:
> Failed to issue the StartTLS instruction: Connect error
> Failed to issue the StartTLS instruction: Connect error
> Failed to add entry for user jim.
> Failed to modify password entry for user jim
>
> so I jumped in to smb.conf and disabled ldap ssl = start tls. Then I got:

ldap ssl defaults to "on" which implies LDAPS. If you want clear text communication, you need to set "ldap ssl = off".

cheers, jerry

----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)

> Date: Wed, 29 Jan 2003 15:36:57 -0600 (CST)
> From: "Gerald (Jerry) Carter" <jerry@samba.org>
> To: Jim Wharton <jwharton@acpafl.org>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba LDAP user adding

>>> I just installed samba 2.2.7 on Mandrake 9 with OpenLDAP support. I have set
>>> up OpenLDAP and everything is cool. When I try to add a user I get:

If you are using RPMs (such as from http://ranger.dnsalias.com/mandrake/samba), note that there is a path setting in the default /etc/samba/smbldap_conf.pm that is incorrect: mkntpwd is in /usr/sbin and not /usr/local/sbin.

>>> [root@luna openldap]# smbpasswd -a jim
>>> New SMB password:
>>> Retype new SMB password:
>>> Failed to issue the StartTLS instruction: Connect error
>>> Failed to issue the StartTLS instruction: Connect error
>>> Failed to add entry for user jim.
>>> Failed to modify password entry for user jim
>>>
>>> so I jumped in to smb.conf and disabled ldap ssl = start tls. Then I got:
>
> ldap ssl defaults to "on" which implies LDAPS. If you want clear text
> communication, you need to set "ldap ssl = off"

Preferred option would be to fix ssl or tls, which requires that you generate an ssl cert with the hostname on it that matches the hostname set in smb.conf (and /etc/ldap.conf if you want to tls/ssl for pam_ldap/nss_ldap).

Jerry, you are aware that samba defaults to using port 636 for tls when (AFAIK) it should be using port 389?

(hint: if you want to use tls, you need to set:

ldap ssl = start_tls
ldap port = 389
)

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

On Thu, 30 Jan 2003, Buchan Milne wrote:

> > ldap ssl defaults to "on" which implies LDAPS. If you want clear text
> > communication, you need to set "ldap ssl = off"
>
> Preferred option would be to fix ssl or tls, which requires that you
> generate an ssl cert with the hostname on it that matches the hostname
> set in smb.conf (and /etc/ldap.conf if you want to tls/ssl for
> pam_ldap/nss_ldap).
>
> Jerry, you are aware that samba defaults to using port 636 for tls when
> (AFAIK) it should be using port 389?

Yeah. I just found this yesterday. Fixed in CVS and will be in the 2.2.8pre1 out tomorrow.

cheers, jerry
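
Added example (not part of any message in this thread, and not Samba project code): a small Python linter for the "ldap ssl" / "ldap port" pair discussed above, using the Samba 2.2.x semantics stated in the thread. The function names, finding codes and sample configs, including the host name, are constructed for illustration.

```python
# Added example: lint the LDAP transport settings of an smb.conf [global] section.
# Semantics are the ones stated in this thread for Samba 2.2.x.

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict (keys lowercased)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ldap_transport(text):
    """Return a list of (code, message) findings for the ldap ssl / ldap port pair."""
    p = parse_global(text)
    # An unset "ldap ssl" means "on" (LDAPS), as Jerry points out in the thread.
    mode = p.get("ldap ssl", "on").lower().replace(" ", "_")  # linter's own normalisation
    port = int(p["ldap port"]) if "ldap port" in p else None
    findings = []
    if mode == "off":
        findings.append(("CLEARTEXT", "ldap ssl = off: the bind to the directory is unencrypted"))
    elif mode == "start_tls":
        if port is None:
            findings.append(("PORT_UNSET", "start_tls without ldap port: 2.2.7 tries 636; set ldap port = 389"))
        elif port != 389:
            findings.append(("PORT_MISMATCH", f"start_tls on port {port}; StartTLS conventionally uses 389"))
    elif mode == "on":
        if port is not None and port != 636:
            findings.append(("PORT_MISMATCH", f"ldap ssl = on (LDAPS) on port {port}; LDAPS conventionally uses 636"))
    else:
        findings.append(("BAD_VALUE", f"unrecognised ldap ssl value {mode!r}"))
    return findings

# Constructed sample configs (host name is a placeholder, not taken from the thread).
JIM_FIRST_TRY = "[global]\n\tldap server = ldap.example.test\n\tldap ssl = start tls\n"
SSL_LINE_REMOVED = "[global]\n\tldap server = ldap.example.test\n\tldap port = 389\n"
BUCHAN_HINT = "[global]\n\tldap ssl = start_tls\n\tldap port = 389\n"

if __name__ == "__main__":
    for name in ("JIM_FIRST_TRY", "SSL_LINE_REMOVED", "BUCHAN_HINT"):
        print(name, check_ldap_transport(globals()[name]))
```

A clean result only means the two settings agree with each other; the certificate host name match that Buchan mentions still has to be checked against the server.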