Bug 669900 - smbd (child) can't connect to ldap using tls (but smbd parent can)
Status: CLOSED DUPLICATE of bug 636956
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 14
Hardware: i686
OS: Linux
low
medium
Assignee: Guenther Deschner
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-01-15 16:41 UTC by Ed van Gasteren
Modified: 2011-01-19 01:50 UTC (History)

Doc Type: Bug Fix
Last Closed: 2011-01-19 01:50:48 UTC

Description Ed van Gasteren 2011-01-15 16:41:20 UTC
Description of problem:

I try to list the shares on a samba server. Instead of a list of the shares I get a timeout.

Version-Release number of selected component (if applicable):
samba-*3.5.6-71.fc14.i686

How reproducible:
Every time. Tried from the server and a different Linux client. From a Windows, iMac or Android phone client results are the same.

Steps to Reproduce:
$ smbclient  -L lt2
Enter ********'s password: 
  
Actual results:
Receiving SMB: Server stopped responding
session setup failed: Call timed out: server did not respond after 20000 milliseconds

Expected results:
A list of the shares on the server.

Additional info:
I recently upgraded (fresh install) the server from Fedora 11 --> 14. On Fedora 11 it worked fine. On Fedora 14 it fails.

This server is both a samba and an (open)ldap server. The two talk to each other over ssl (at least they did in the Fedora 11 days, but no longer now with Fedora 14). All the other ldap and ssl stuff between my clients and server seems to work.

After some debugging of samba and ldap it appeared that on the server smbd has difficulty connecting to the ldap server. That appears to be the case for the child smbd that runs for the client. The parent smbd doesn't have the problem.

# grep LDAP log.smbd
---
  [LDAP] ldap_create
  [LDAP] ldap_url_parse_ext(ldaps://ldap-p.vangasteren.nl)
  [LDAP] ldap_simple_bind_s
  [LDAP] ldap_sasl_bind_s
  [LDAP] ldap_sasl_bind
  [LDAP] ldap_send_initial_request
  [LDAP] ldap_new_connection 1 1 0
  [LDAP] ldap_int_open_connection
  [LDAP] ldap_connect_to_host: TCP ldap-p.vangasteren.nl:636
  [LDAP] ldap_new_socket: 10
  [LDAP] ldap_prepare_socket: 10
  [LDAP] ldap_connect_to_host: Trying 192.168.0.200:636
  [LDAP] ldap_pvt_connect: fd: 10 tm: -1 async: 0
  [LDAP] TLS: loaded CA certificate file ...
  [LDAP] TLS: loaded CA certificate file ...
...
  [LDAP] TLS certificate verification: defer
  [LDAP] TLS certificate verification: subject: ...
...
  [LDAP] ldap_open_defconn: successful
  [LDAP] ldap_send_server_request
---

# grep LDAP log.lt2
---
  [LDAP] ldap_unbind
  [LDAP] ldap_free_connection 1 1
  [LDAP] ldap_send_unbind
  [LDAP] ldap_free_connection: actually freed
  [LDAP] ldap_create
  [LDAP] ldap_url_parse_ext(ldaps://ldap-p.vangasteren.nl)
  [LDAP] ldap_simple_bind_s
  [LDAP] ldap_sasl_bind_s
  [LDAP] ldap_sasl_bind
  [LDAP] ldap_send_initial_request
  [LDAP] ldap_new_connection 1 1 0
  [LDAP] ldap_int_open_connection
  [LDAP] ldap_connect_to_host: TCP ldap-p.vangasteren.nl:636
  [LDAP] ldap_new_socket: 10
  [LDAP] ldap_prepare_socket: 10
  [LDAP] ldap_connect_to_host: Trying 192.168.0.200:636
  [LDAP] ldap_pvt_connect: fd: 10 tm: -1 async: 0
  [LDAP] TLS: error: connect - force handshake failure: errno 0 - moznss error -8023
  [LDAP] TLS: can't connect: .
---
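
A triage helper for the symptom in the description above, added here as an example and not part of the original report or of Samba/OpenLDAP: it groups `[LDAP]` debug lines into connection attempts and reports targets that one smbd log reached while another failed the TLS handshake. The sample lines are constructed from the excerpts above with a placeholder hostname, and the function names are hypothetical.

```python
import re

# Constructed sample input modelled on the two excerpts above (placeholder host).
PARENT_LOG = """\
  [LDAP] ldap_create
  [LDAP] ldap_connect_to_host: TCP ldap.example.test:636
  [LDAP] ldap_open_defconn: successful
"""
CHILD_LOG = """\
  [LDAP] ldap_unbind
  [LDAP] ldap_create
  [LDAP] ldap_connect_to_host: TCP ldap.example.test:636
  [LDAP] TLS: error: connect - force handshake failure: errno 0 - moznss error -8023
  [LDAP] TLS: can't connect: .
"""

SEC_ERROR_BASE = -0x2000  # base of NSS security error codes (secerr.h)
HOST_RE = re.compile(r"\[LDAP\] ldap_connect_to_host: TCP (\S+):(\d+)")
FAIL_RE = re.compile(r"\[LDAP\] TLS: error: .*moznss error (-?\d+)")

def ldap_attempts(text):
    """Return one dict per connection attempt (each starts at ldap_create)."""
    attempts, cur = [], None
    for line in text.splitlines():
        if line.rstrip().endswith("[LDAP] ldap_create"):
            cur = {"target": None, "result": "incomplete", "nss_error": None}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first ldap_create, e.g. ldap_unbind
        elif m := HOST_RE.search(line):
            cur["target"] = f"{m[1]}:{m[2]}"
        elif m := FAIL_RE.search(line):
            # For the report's -8023 the offset is 169, SEC_ERROR_PKCS11_DEVICE_ERROR.
            cur.update(result="tls_failed", nss_error=int(m[1]),
                       nss_offset=int(m[1]) - SEC_ERROR_BASE)
        elif "[LDAP] ldap_open_defconn: successful" in line:
            cur["result"] = "connected"
    return attempts

def split_outcomes(logs):
    """Targets that one log reached while another failed the TLS handshake."""
    seen = {}
    for name, text in logs.items():
        for a in ldap_attempts(text):
            seen.setdefault(a["target"], {}).setdefault(a["result"], set()).add(name)
    return {t: r for t, r in seen.items() if {"connected", "tls_failed"} <= set(r)}

if __name__ == "__main__":
    print(split_outcomes({"log.smbd": PARENT_LOG, "log.lt2": CHILD_LOG}))
```

A target that appears in the result with the parent log under `connected` and a per-client log under `tls_failed` matches the parent/child split described in the report.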

Comment 1 Michael Cronenworth 2011-01-19 01:50:48 UTC
There is a workaround - https://bugzilla.redhat.com/show_bug.cgi?id=636956#c36

*** This bug has been marked as a duplicate of bug 636956 ***

