Failed To Issue The Starttls Instruction Protocol Error Samba
Enterprise Samba binaries. The latest version they distribute at the time of writing is 3.4.9. My samba install talks to an failed to issue the starttls instruction connect error ldap backend and the above error was shown upon starting the new failed to issue the starttls instruction can't contact ldap server version. Seems they added (or changed the default) option for the ldap protocol in smb.conf. Adding:ldap ssl = off makes the error go away.Cool. Posted by Kenneth Westelinck at 7:34 PM Labels: Debian, Linux, Samba 5 comments: klausengelmann said... Kenny:Your tip was great. It solved me a big problem.Thanks, 8:08 PM Anonymous said... It helps me a lot too, thanks 10:32 AM Tin said... Hmmm - after an hour of trying to work out why my 2 new servers were so dang slow to connect, it turns out to be this easy. I'd been running around OpenLDAP trying to fix it's indexing complaints instead (and managed to hose the data at one stage - lucky I'd backed up a few hours earlier).One massive note to people - this makes Samba talk to LDAP in plain text. The traffic could be monitored by malicious users and passwords can be stolen quite easily. This includes administrative passwords like the root DN password! 4:01 AM Subhajit Chakraborty said... Thanks sir 5:49 AM Anonymous said... Thanks you save my day 4:10 PM Post a Comment Newer Post Older Post Home Subscribe to: Post Comments (Atom) Links Google Tom's Blog Den kleinen Mule Blog Archive ► 2013 (2) ► December (2) ► 2012 (3) ► May (1) ► April (2) ► 2011 (6) ► November (1) ► September (2) ► August (1) ► February (1) ► January (1) ▼ 2010 (8) ▼ December (4) Restoring files manually from a mondo backup Failed to issue the StartTLS instruction: Protocol... Building queries ... the easy way Updating the location for your photo's in f-spot ► May (3) ► February (1) ► 2009 (2) ► January (2) ► 2008 (27) ► December (8) ► Nove
by: "Mgr. Peter Tuharsky"
Format For Printing -XML -Clone This Bug -Last Comment First Last Prev Next This bug is not in your last search results. Bug663485 - Failed to issue the StartTLS https://bugzilla.redhat.com/show_bug.cgi?id=663485 instruction: Connect error Summary: Failed to issue the StartTLS instruction: Connect error Status: CLOSED DUPLICATE of bug 636956 Aliases: None Product: Fedora Classification: Fedora Component: openldap (Show other bugs) Sub Component: --- Version: 14 Hardware: i686 http://blog.zwiegnet.com/linux-server/samba-failed-to-issue-the-starttls-instruction-connect-error/ Linux Priority low Severity medium TargetMilestone: --- TargetRelease: --- Assigned To: Guenther Deschner QA Contact: Fedora Extras Quality Assurance Docs Contact: URL: Whiteboard: Keywords: Depends On: Blocks: Show dependency tree /graph Reported: 2010-12-15 failed to 17:36 EST by Zoran Pericic Modified: 2011-01-18 20:51 EST (History) CC List: 6 users (show) bbuesker gdeschner jvcelak mike rmeggins ssorce See Also: Fixed In Version: Doc Type: Bug Fix Doc Text: Story Points: --- Clone Of: Environment: Last Closed: 2011-01-18 20:51:33 EST Type: --- Regression: --- Mount Type: --- Documentation: --- CRM: Verified Versions: Category: --- oVirt Team: --- RHEL 7.3 requirements from Atomic Host: Cloudforms Team: --- Attachments (Terms failed to issue of Use) Samba log with ldap debug level = -1 and some debug patches. (8.16 KB, text/x-log) 2010-12-26 14:35 EST, Zoran Pericic no flags Details Tempoary patch to enahance tls_m.c debbuging. (5.69 KB, patch) 2010-12-26 14:36 EST, Zoran Pericic no flags Details | Diff Tempoary patch to enhance samba-ldap debugging (1.14 KB, patch) 2010-12-26 14:37 EST, Zoran Pericic no flags Details | Diff Add an attachment (proposed patch, testcase, etc.) Groups: None (edit) Description Zoran Pericic 2010-12-15 17:36:53 EST Description of problem: Samba BDC can't connect to existing OpenLDAP with TLS when clients try to connect to samba. In main log (/var/log/samba/log.smb) I could see that samba could connect to server and it could retrieve info. Also pdbedit tool works correctly. But when client try to connect I get: "Failed to issue the StartTLS instruction: Connect error" On pre FC14 samba can connect correctly, but with FC14 it always fail. I'am using existing self-signed CA generated with OpenSSL and server signed with that CA. OpenLDAP is configured with thease certificates and it's working. nss_ldap and pam_ldap are working on all systems. All certificates are valid and has not expired. ldapsearch and other ldap clients works ok. Version-Release number of selected component (if applicable): samba-3.5.6-71.fc14.i686 nss-3.12.8-2.fc14.i686 openldap-2.4.23-4.fc14.i686 nspr-4.8.6-1.fc14.i686 How reproducible: Configure samb
Plan - Why it's Necessary and What May Be NeededRsync vs TAR Backup CentOS LinuxOffsite Backup Script LinuxInstall Security updates only Yum CentOSAcceptable timeframe to restore hosted servicesLinux TutorialsConfigure DHCP Server CentOS 6Expand a Filesystem on CentOS LinuxFind Version of Linux You are RunningInstall RPM Package on CentOS LinuxLinux ConsultingLinux Server TypesMount CIFS/Windows Share on FedoraMount NFS Share on CentOS 5OpenCobol 2.0 Spec File CentOS/RedHat 6Patching and Installing Updates on CentOSUn-Install Zimbra Community CentOS 6Untangle 9.3 Backup ScriptUse DD to Clone Linux Hard DriveWhere To Get Linux?Choosing a Smart Root PasswordMySQL Replication CentOS All DatabasesInstall 389 Directory Server CentOSInstall Webmin on CentOS 5Active Directory 389 Directory Server SyncInstall Webmin on CentOS 6389 Directory Server MultiMaster Replication CentOSConfigure LDAP Server on CentOS 6Configuring Network CentOS 6Expand SAN LUN Oracle Linux 6Install Zimbra Community CentOS 6Mount a Drive on CentOS LinuxMount SAN Volume Oracle LinuxSetting up NTP CentOS 6 network time syncronizing389 Directory Server Password Policy CentOSConfigure TLS/SSL 389 Directory Server CentOS389 Directory Server TLS Client CentOSSetup CentOS IPv6Change Default Folder for Linux UserConfigure Kickstart CentOS 6Configure MySQL Multi-Master ReplicationConfigure NFS for CentOS 5Create Samba Share for Active DirectoryDisable SELinux CentOS 7Fixing Broken Packages LinuxImport a PST Into Zimbra CommunityInstall Ksplice on Linux MintInstall OpenVAS on CentOSInstall Webmin on CentOS 6.3Mounting an ISO on CentOS LinuxSetup NFS Server on CentOS 6Setup Webmin For GmailMount Floppy Drive on CentOS LinuxMount NFS Share Windows 7Get List of Folder Names With ls and awkMounting Windows Share