Failed To Issue The Starttls Instruction Protocol Error Samba Ldap
[ubuntu] Authenticate new samba fileserver using existing Samba ldap PDC.

October 28th, 2010 #1 davidg121
Current setup.... Existing Domain controller which uses ldap to auth users, running 10.04. Works perfectly... I want to add a file server using samba that auths to the same ldap server. I have googled around looking, but haven't found too much current and relevant information. Any help would be appreciated.

October 29th, 2010 #2 david.garceau
bump, (not sure why I have two accounts...) lol

October 30th, 2010 #3 david.garceau
53 views and nothing

October 31st, 2010 #4 luvshin
[Samba] Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")

On Tue, Jan 5, 2016 at 3:35 PM, Graham Allan
Sun, 28 Jun 2009 15:35:15 +0200

Hi, I need help. I have tried to set up the DS with samba. When I follow the https://www.redhat.com/archives/fedora-directory-users/2009-June/msg00192.html samba guide, I get some errors.

#########################
[root serv389 samba]# smbpasswd -a Administrator
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
add_new_domain_info: failed to add domain dn= sambaDomainName=KUNDDOMAIN,dc=kunddomain,dc=se with: Insufficient access
  Insufficient 'add' privilege to add the entry 'sambaDomainName=KUNDDOMAIN,dc=kunddomain,dc=se'.
smbldap_search_domain_info: Adding domain info for KUNDDOMAIN failed with NT_STATUS_UNSUCCESSFUL
New SMB password:
Retype new SMB password:
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
Failed to initialize account for user Administrator: NT_STATUS_ACCESS_DENIED
Failed to modify password entry for user Administrator
#################################
[root serv389 samba]# pdbedit -U $( net getlocalsid | sed 's/SID for domain KUNDDOMAIN is: //' )-500 -u Administrator -r
[2009/06/28 15:28:53, 0] lib/smbldap.c:smb_ldap_start_tls(600)
  Failed to issue the StartTLS instruction: Protocol error
[2009/06/28 15:28:54, 0] lib/smbldap.c:smb_ldap_start_tls(600)
  Failed to issue the StartTLS instruction: Protocol error
[2009/06/28 15:28:55, 0] lib/smbldap.c:smb_ldap_start_tls(600)
  Failed to issue the StartTLS instruction: Protocol error
[2009/06/28 15:28:56, 0] lib/smbldap_util.c:smbldap_search_domain_info(310)
  smbldap_search_domain_info: Adding domain info for KUNDDOMAIN failed with NT_STATUS_UNSUCCESSFUL
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!
add
version 3 smb.conf had issues. See my article about getting Samba to use LDAP as userbase backend. The obvious problem was that it didn't work. A log entry from the failure:

    ../source3/lib/smbldap.c:575(smbldap_start_tls)
      Failed to issue the StartTLS instruction: Connect error
    ../source3/passdb/pdb_ldap.c:6531(pdb_ldapsam_init_common)
      pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
    ../source3/passdb/pdb_interface.c:177(make_pdb_method_name)
      pdb backend ldapsam:ldap://my.server did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

I confirmed the existing settings:

    passdb backend = ldapsam:ldap://my.server
    ldap ssl = start tls

After a nice while of reading manual pages, an attempt to fix:

    passdb backend = ldapsam:ldaps://my.server
    ldap ssl = off

Yielded an improvement:

    ../source3/lib/smbldap.c:998(smbldap_connect_system)
      failed to bind to server ldaps://my.server with dn="uid=root,ou=People,dc=my,dc=domain" Error: Can't contact LDAP server
      TLS error -8179:Peer's Certificate issuer is not recognized.
    ../source3/passdb/pdb_ldap.c:6531(pdb_ldapsam_init_common)
      pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
    ../source3/passdb/pdb_interface.c:177(make_pdb_method_name)
      pdb backend ldapsam:ldaps://my.server did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

This, however, was an easy fix. It was a simple SELinux issue:

    semanage fcontext -a -t cert_t /etc/openldap/cacerts
    restorecon -R -v /etc/openldap/cacerts

To my amazement, the SELinux context does not change on a local unix-socket request. When Samba makes the request to get user information, the LDAPd certificate store needs to have the proper SELinux type for the directory. OpenLDAP does not make such checks and works fully.
Also allowing requests to home directories too:

    setsebool -P samba_enable_home_dirs 1

After all this, I was happy to get my Samba shares working again. CUPS printing does not. But I'll fix that some day.

by Jari Turkia in Linux at 20:00
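
The two smb.conf variants quoted in the blog post above differ in where TLS starts: with ldap ssl = off the connection is still encrypted only because the URL scheme became ldaps://. As an added example (not code from the blog post or from Samba), this Python check reads smb.conf text and reports how each passdb backend LDAP URL is protected on the wire; the function names and the MIXED sample are constructed for illustration, and only the two ldap ssl values shown on this page are recognised.

```python
import re

def global_params(conf_text):
    """Collect key/value pairs from the [global] section of smb.conf text."""
    params, section = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # normalise case and whitespace runs in the parameter name
            params[" ".join(key.lower().split())] = value.strip()
    return params

def ldap_transport(conf_text):
    """Return [(url, protection)] for every LDAP URL in 'passdb backend'."""
    params = global_params(conf_text)
    mode = " ".join(params.get("ldap ssl", "unset").lower().split())
    results = []
    for url in re.findall(r'ldap[si]?://[^\s"]+', params.get("passdb backend", "")):
        scheme = url.split("://", 1)[0]
        if scheme == "ldaps":
            protection = "tls-on-connect"   # TLS is set up before any LDAP traffic
        elif scheme == "ldapi":
            protection = "local-socket"     # UNIX socket, never leaves the host
        elif mode == "start tls":
            protection = "starttls"         # plain connect, then upgraded to TLS
        elif mode == "off":
            protection = "cleartext"        # simple bind credentials unencrypted
        else:
            protection = "unknown (ldap ssl = %s)" % mode
        results.append((url, protection))
    return results

# Constructed samples: the two configurations quoted in the post, plus the
# combination produced by applying only the 'ldap ssl = off' half of the fix.
BEFORE = "[global]\npassdb backend = ldapsam:ldap://my.server\nldap ssl = start tls\n"
AFTER = "[global]\npassdb backend = ldapsam:ldaps://my.server\nldap ssl = off\n"
MIXED = "[global]\npassdb backend = ldapsam:ldap://my.server\nldap ssl = off\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER), ("mixed", MIXED)):
        print(name, ldap_transport(conf))
```

Any URL reported as cleartext means the LDAP bind DN and password cross the network unprotected, which is the combination to catch when copying only part of the fix.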