With this workaround in smb.conf it works: client ldap sasl wrapping = plain
Since samba is using tls due to "ldap ssl = start tls" and "ldap ssl ads = yes", it looks like "plain" is safe enough, since ldap is using ssl, but ymmv. All in all, I think the bug about the connection using the IP instead of the hostname specified in the configs is fixed in my ppa packages. I reproduced it in xenial and also in bionic. @arjitkumar can you please double check that you are getting the TLS error about the hostname/ip mismatch, and not something else, with the new packages? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1576799 Title: Regression: 2:4.3.8+dfsg-0ubuntu0.14.04.2 Failed to Issue the StartTLS instruction To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1576799/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs