Thursday, December 30, 2010

Failed to issue the StartTLS instruction: Protocol error

I encountered the error mentioned in the title of this post after upgrading my samba install on Debian Lenny using Enterprise Samba binaries. The latest version they distribute at the time of writing is 3.4.9. My samba install talks to an ldap backend and the above error was shown upon starting the new version. Seems they added (or changed the default) option for the ldap protocol in smb.conf. Adding:

ldap ssl = off
makes the error go away.
Cool.

5 comments:

klausengelmann said...

Kenny:

Your tip was great.

It solved me a big problem.

Thanks,

Anonymous said...

It helps me a lot too, thanks

Tin said...

Hmmm - after an hour of trying to work out why my 2 new servers were so dang slow to connect, it turns out to be this easy. I'd been running around OpenLDAP trying to fix it's indexing complaints instead (and managed to hose the data at one stage - lucky I'd backed up a few hours earlier).

One massive note to people - this makes Samba talk to LDAP in plain text. The traffic could be monitored by malicious users and passwords can be stolen quite easily. This includes administrative passwords like the root DN password!

Subhajit Chakraborty said...

Thanks sir

Anonymous said...

Thanks you save my day