>Did you try w/o start TLS support? I realize this can have security
implications, so this is only to see if the problem is with TLS or with
the configuration in general.
I have tried without TLS support and without SSL (replaced ldaps with ldap)
passdb backend = ldapsam:ldap://<company_ldap_server>/
ldap ssl = off
ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
ldap suffix = dc=xxx,dc=yyy,dc=zzz
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
Now I get the following error:
[2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system)
failed to bind to server ldap://<company_ldap_server>/ with
dn="cn=Adminid,dc=xxx,dc=yyy,dc=zzz" Error: Confidentiality required
(unknown)
>It the LDAP server is on the same server as the samba server then I
don't think you will need TLS encryption, since there isn't LAN traffic
to snoop.
Our LDAP server is not on the same server. It is a central enterprise server
>don't forget to set set the ldap password with "smbpasswd -w"
I did this part for the Adminid
>Also I think "ldaps" means ldap over SSL, not ldap+tls. I would also
use ldapclient tools (e.g. the command line ldapsearch or the gui Apache
Directory Studio ldap browser and editor) to make sure you can connect
to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You
need to make sure you have all the certificates configured correctly.
LDAP authentication works perfectly directly from our AIX server. I can do
ldapsearches and can login with my ldap credentials etc.. Only samba
authentication doesn't work
Thanks, Prakash
**********************************************************
Electronic Mail is not secure, may not be read every day, and should not be
used for urgent or sensitive issues
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
