-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does anyone know what this error means: [root@ldap2 samba]# net getlocalsid [2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:04:01, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:04:02, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:04:03, 0] lib/smbldap_util.c:smbldap_search_domain_info(310) smbldap_search_domain_info: Adding domain info for FDSAMBA failed with NT_STATUS_UNSUCCESSFUL SID for domain LDAP2 is: xyz..... I am trying to install samba on fedora 11 and got this error. I didnt get this error when I installed it on f9 or f10. I also got this error when trying to do the net group map: [root@ldap2 MigrationTools-47]# net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain Admins' [2009/07/07 17:16:22, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:16:23, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:16:24, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:16:26, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error [2009/07/07 17:16:27, 0] lib/smbldap.c:smb_ldap_start_tls(600) Failed to issue the StartTLS instruction: Protocol error adding entry for group Domain Admins failed! Thanks, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - enigmail.mozdev.org iEYEARECAAYFAkpTyi8ACgkQ5B+8XEnAvqthjQCfYpV99pndm0vKk+dVhFpdM6Bj XSgAn0zs1k3WxmZ3UqrEJqbdE9+O1cVc =y8G2 -----END PGP SIGNATURE-----
On Tue, Jul 7, 2009 at 7:20 PM, David Christensen<David.Christensen@viveli.com> wrote:> Does anyone know what this error means: > > [root@ldap2 samba]# net getlocalsid > [2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600) > Failed to issue the StartTLS instruction: Protocol errorWhat version is your ldap server? Does it support TLS? What is your password backend?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jonathon Doran wrote:>> On Wed, Jul 8, 2009 at 11:41 AM, David >> Christensen<David.Christensen@viveli.com> wrote: >>>>> I took a look at the /var/log/message log and see: >>>> with ldap ssl = off ??? >>> Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl >>> = off, smb keeps trying to do a StartTLS. > > Did you put "ssl off" in ldap.conf?I finally got StartTLS turned off, not sure if I had an extra character in the smb.conf file near ldap ssl, but rewriting the conf file fixed it. Question, is there a minimum length requirement for the local SID, when I run net getlocalsid it seems rather short. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - enigmail.mozdev.org iEYEARECAAYFAkpU2YMACgkQ5B+8XEnAvqvyfACeMXV8T1bddPgsh9TcVBTgTnP5 NVMAn0qDCpeTe4YfI5AcDTrUTdWeDPnt =oWsQ -----END PGP SIGNATURE-----