When configuring openldap clients to use TLS with certificates, the paths to the cert and the key have to be saved in $HOME/.ldaprc. The samba daemon can be configured to use ldap with TLS, and thus needs access to $HOME/.ldaprc when setting up the connection. If you start up smb using /sbin/service $HOME does not get set in the newly created environment. This avoids smbd from getting the paths to its required certs/keys and thus from functioning properly. Proposal is to also export $HOME in the newly created environment in /sbin/service. [I am not sure if this introduces additional security problems.] The attached patch fixes this problem, this has been verified locally.
Created attachment 106407 [details] proposed fix.
It's really better for initscripts in general to not inherit the environment; that's why this change was made. This is probably something better handled specifcally in initscripts that need a $HOME.