Re: [Samba] Samba configuration error

2009-07-08 Thread David Christensen

Norberto Bensa wrote:
 On Tue, Jul 7, 2009 at 8:52 PM, David
 Christensendavid.christen...@viveli.com wrote:

 Norberto Bensa wrote:
 On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensanbe...@gmail.com wrote:
 On Tue, Jul 7, 2009 at 8:18 PM, David
 Christensendavid.christen...@viveli.com wrote:
 passdb backend = ldapsam:ldap://127.0.0.1
 That should be plain. I.e. no tls/ssl.
 I'm sorry. That could be TLS if the server supports it.
 I took a look at the /var/log/message log and see:
 
 with ldap ssl = off ???

Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl
= off, smb keeps trying to do a StartTLS.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba configuration error

2009-07-08 Thread Norberto Bensa
On Wed, Jul 8, 2009 at 11:41 AM, David
Christensendavid.christen...@viveli.com wrote:
 I took a look at the /var/log/message log and see:

 with ldap ssl = off ???

 Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl
 = off, smb keeps trying to do a StartTLS.

I'm out of ideas and I don't use Fedora. Maybe you want to post your
config files.


Re: [Samba] Samba configuration error

2009-07-08 Thread Jonathon Doran

On Wed, Jul 8, 2009 at 11:41 AM, David
Christensendavid.christen...@viveli.com wrote:

I took a look at the /var/log/message log and see:


with ldap ssl = off ???


Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl
= off, smb keeps trying to do a StartTLS.


Did you put ssl off in ldap.conf?


Re: [Samba] Samba configuration error

2009-07-08 Thread David Christensen

Jonathon Doran wrote:
 On Wed, Jul 8, 2009 at 11:41 AM, David
 Christensendavid.christen...@viveli.com wrote:
 I took a look at the /var/log/message log and see:
 with ldap ssl = off ???
 Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl
 = off, smb keeps trying to do a StartTLS.
 
 Did you put ssl off in ldap.conf?

I finally got StartTLS turned off, not sure if I had an extra character
in the smb.conf file near ldap ssl, but rewriting the conf file fixed it.

Question, is there a minimum length requirement for the local SID, when
I run net getlocalsid it seems rather short.

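Added example (not part of the original thread): a small Python check for the failure mode David suspects above, a stray non-ASCII or control character on the ldap ssl line of smb.conf. It assumes that Samba compares parameter names case-insensitively and ignoring spaces, and that a line it does not recognise leaves the default in force; the default and the value list are the ones quoted in the thread, and the function names and sample file are constructed for illustration.

```python
# Added example; audit_ldap_ssl and SAMPLE are constructed for illustration.
THREAD_DEFAULT = "start tls"                # default as quoted in the thread
KNOWN_VALUES = {"yes", "off", "start tls"}  # values listed in the thread

def _printable(c):
    return " " <= c <= "~" or c == "\t"

def _norm(name):
    # Assumption: names compare case-insensitively, ignoring spaces and tabs.
    return name.replace(" ", "").replace("\t", "").lower()

def audit_ldap_ssl(conf_text):
    """Return (effective 'ldap ssl' value, [(line number, problem), ...])."""
    effective, findings, section = None, [], None
    for lineno, raw in enumerate(conf_text.split("\n"), 1):
        line = raw.strip(" \t\r")
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip(" \t") for part in line.split("=", 1))
        # Compare the key with anything outside printable ASCII removed.
        if _norm("".join(c for c in key if _printable(c))) != "ldapssl":
            continue
        odd = [f"U+{ord(c):04X}" for c in key + value if not _printable(c)]
        if odd:
            # NBSP, zero-width space, BOM or control character on the line:
            # assume the setting is not recognised and the default stays.
            findings.append((lineno, "hidden characters " + ", ".join(odd)))
        elif value.lower() not in KNOWN_VALUES:
            findings.append((lineno, f"unrecognised value {value!r}"))
        else:
            effective = value.lower()
    return effective or THREAD_DEFAULT, findings

# Constructed sample: a no-break space (U+00A0) sits between "ldap" and "ssl".
SAMPLE = (
    "[global]\n"
    "   passdb backend = ldapsam:ldap://127.0.0.1\n"
    "   ldap\u00a0ssl = off\n"
)

if __name__ == "__main__":
    print(audit_ldap_ssl(SAMPLE))
    print(audit_ldap_ssl(SAMPLE.replace("\u00a0", " ")))
```

Running testparm -s afterwards prints the configuration as Samba parsed it, which confirms whether the ldap ssl line was accepted.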


Re: [Samba] Samba configuration error

2009-07-07 Thread Norberto Bensa
On Tue, Jul 7, 2009 at 7:20 PM, David
Christensendavid.christen...@viveli.com wrote:

 Does anyone know what this error means:

 [r...@ldap2 samba]# net getlocalsid
 [2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600)
 Failed to issue the StartTLS instruction: Protocol error


What version is your ldap server?

Does it support TLS?

What is your password backend?


Re: [Samba] Samba configuration error

2009-07-07 Thread Jonathon Doran

Quoting Norberto Bensa nbe...@gmail.com:


On Tue, Jul 7, 2009 at 7:20 PM, David
Christensendavid.christen...@viveli.com wrote:


Does anyone know what this error means:

[r...@ldap2 samba]# net getlocalsid
[2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600)
Failed to issue the StartTLS instruction: Protocol error


I completely missed this message to the list.  It may still be on its  
way to me.  Not in my inbox, nor deleted mail.  Oh well, we all have  
bigger things to worry about.


I have to respond, since this TLS stuff gave me fits for a bit.   
Unfortunately I don't remember exactly what I did to make it go away,  
but I think it was adding ssl off to the ldap.conf



Re: [Samba] Samba configuration error

2009-07-07 Thread David Christensen

Norberto Bensa wrote:
 On Tue, Jul 7, 2009 at 7:20 PM, David
 Christensendavid.christen...@viveli.com wrote:
 
 Does anyone know what this error means:

 [r...@ldap2 samba]# net getlocalsid
 [2009/07/07 17:04:00, 0] lib/smbldap.c:smb_ldap_start_tls(600)
 Failed to issue the StartTLS instruction: Protocol error
 
 
 What version is your ldap server?
 
 Does it support TLS?
 
 What is your password backend?
I am using FDS, it does support TLS, but I never configured either to
use TLS as part of my testing.  I am using ldapsam.  I did the same
thing with my f9 FDS/Samba install and didn't run into this however one
thing is different,  when I originally installed the f9 version I was
using smbpasswd and converted to ldapsam.  Does using ldapsam from the
gate require TLS?




Re: [Samba] Samba configuration error

2009-07-07 Thread Norberto Bensa
On Tue, Jul 7, 2009 at 7:52 PM, David
Christensendavid.christen...@viveli.com wrote:
 I am using FDS, it does support TLS, but I never configured either to
 use TLS as part of my testing.  I am using ldapsam.

password backend = ldapsam:ldaps://something or just ldapsam ?


 Does using ldapsam from the
 gate require TLS?

I always use SSL for ldap.

you can configure samba ldap secure behavior with:

ldap ssl = yes | off | start tls
(default is start tls)


Re: [Samba] Samba configuration error

2009-07-07 Thread David Christensen

Norberto Bensa wrote:
 On Tue, Jul 7, 2009 at 7:52 PM, David
 Christensendavid.christen...@viveli.com wrote:
 I am using FDS, it does support TLS, but I never configured either to
 use TLS as part of my testing.  I am using ldapsam.
 
 password backend = ldapsam:ldaps://something or just ldapsam ?
 
 
 Does using ldapsam from the
 gate require TLS?
 
 I always use SSL for ldap.
 
 you can configure samba ldap secure behavior with:
 
 ldap ssl = yes | off | start tls
 (default is start tls)

passdb backend = ldapsam:ldap://127.0.0.1

I intend to deploy with SSL just didn't want to use it during my initial
tests.  So by default with nothing specified in smb.conf TLS is on?  If
so something must have been broken in f9 because it was not explicitly
stated.


Re: [Samba] Samba configuration error

2009-07-07 Thread Norberto Bensa
On Tue, Jul 7, 2009 at 8:18 PM, David
Christensendavid.christen...@viveli.com wrote:
 passdb backend = ldapsam:ldap://127.0.0.1

That should be plain. I.e. no tls/ssl.


 I intend to deploy with SSL just didn't want to use it during my initial
 tests.  So by default with nothing specified in smb.conf TLS is on?  If
 so something must have been broken in f9 because it was not explicitly
 stated.

Maybe the behavior of ldap ssl changed between f9/10 and 11.


Re: [Samba] Samba configuration error

2009-07-07 Thread Norberto Bensa
On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensanbe...@gmail.com wrote:
 On Tue, Jul 7, 2009 at 8:18 PM, David
 Christensendavid.christen...@viveli.com wrote:
 passdb backend = ldapsam:ldap://127.0.0.1

 That should be plain. I.e. no tls/ssl.

I'm sorry. That could be TLS if the server supports it.


Re: [Samba] Samba configuration error

2009-07-07 Thread David Christensen

Norberto Bensa wrote:
 On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensanbe...@gmail.com wrote:
 On Tue, Jul 7, 2009 at 8:18 PM, David
 Christensendavid.christen...@viveli.com wrote:
 passdb backend = ldapsam:ldap://127.0.0.1
 That should be plain. I.e. no tls/ssl.
 
 I'm sorry. That could be TLS if the server supports it.

I took a look at the /var/log/message log and see:

smbd continuing to use: lib/smbldap.c:smb_ldap_start_tls, which is
failing also


Re: [Samba] Samba configuration error

2009-07-07 Thread Norberto Bensa
On Tue, Jul 7, 2009 at 8:52 PM, David
Christensendavid.christen...@viveli.com wrote:

 Norberto Bensa wrote:
 On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensanbe...@gmail.com wrote:
 On Tue, Jul 7, 2009 at 8:18 PM, David
 Christensendavid.christen...@viveli.com wrote:
 passdb backend = ldapsam:ldap://127.0.0.1
 That should be plain. I.e. no tls/ssl.

 I'm sorry. That could be TLS if the server supports it.

 I took a look at the /var/log/message log and see:

with ldap ssl = off ???