Mailinglist Archive: opensuse (1786 mails)

[opensuse] samba and StartTLS
Hi
Scenario:
LAN with 11.4 server and Linux, win-xp and win7 clients.

The Linux clients can log in fine under TLS:

Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 STARTTLS
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=0 RESULT oid= err=0 text=
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 fd=23 TLS established tls_ssf=256 ssf=256
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=1 BIND dn="" method=128
<- - - lots of lines cut - - ->
Nov 10 11:31:22 hh1 slapd[1727]: conn=1243 op=3 BIND dn="uid=lynn2,ou=people,dc=site" method=128

The Windows clients can log in but are denied access to their home folder:

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls)
Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: Connect error

If smb.conf contains the line:

ldap ssl = start tls

Windows clients can log in, but are denied access to do anything with their
home folders. Uncommenting this line and restarting smb allows Windows clients
both to log in and gain access to their home folder.

Summary: Samba without TLS works. Samba with TLS doesn't.

Can I confirm:
1. That LDAP is working.
2. That the CA and server certificates (signed by the CA) are correct.
3. The problem is with smb.conf
4. There is a bug in the Yast samba server setup

And lastly, after much googling and reading, can anyone help me get rid of the
Samba TLS issue?
Thanks L x