With this workaround in smb.conf it works: client ldap sasl wrapping = plain
Since samba is using tls due to "ldap ssl = start tls" and "ldap ssl ads = yes", it looks like "plain" is safe enough, since ldap is using ssl, but ymmv. All in all, I think the bug about the connection using the IP instead of the hostname specified in the configs is fixed in my ppa packages. I reproduced it in xenial and also in bionic. @arjitkumar can you please double check that you are getting the TLS error about the hostname/ip mismatch, and not something else, with the new packages? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576799 Title: Regression: 2:4.3.8+dfsg-0ubuntu0.14.04.2 Failed to Issue the StartTLS instruction To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1576799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs