I had everything working great, but we needed to switch our PDC and file server to connect to the production LDAP server farm. They were both using TLS with NO PROBLEM. So I switched the LDAP host name and now both are not secure :( This is one of the weirdest things I've seen.

With TLS turned on, the PDC won't try to bind as the DN specified. So the server can't see any attributes due to the ACIs. The file server returns the ..SSL routines:SSL3_GET_SERVER_CERTIFICATE...cant verify.. error.

I am stumped; all I did was change the host in my smb.conf. Any ideas???