[Bug 1576799] Re: Regression: 2:4.3.8+dfsg-0ubuntu0.14.04.2 Failed to Issue the StartTLS instruction
Arjit
1576799 at bugs.launchpad.net
Tue Jan 9 04:42:29 UTC 2018
apt-cache policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.12
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.13~ppa1
  Version table:
     2:4.3.11+dfsg-0ubuntu0.16.04.13~ppa1 500
        500 http://ppa.launchpad.net/ahasenack/samba-tls-regression-1576799/ubuntu xenial/main amd64 Packages
 *** 2:4.3.11+dfsg-0ubuntu0.16.04.12 500
        500 http://in.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.3.8+dfsg-0ubuntu1 500
        500 http://in.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
It shows your PPA repository.
As mentioned earlier, libads.so.0 was updated on 16 Nov:
ll /usr/lib/x86_64-linux-gnu/samba/libads.so.0
-rw-r--r-- 1 root root 162128 Nov 16 18:11 /usr/lib/x86_64-linux-gnu/samba/libads.so.0
Alternately, if you can provide the library, I will replace the same on my
machine.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1576799
Title:
Regression: 2:4.3.8+dfsg-0ubuntu0.14.04.2 Failed to Issue the StartTLS
instruction
Status in samba package in Ubuntu:
Confirmed
Bug description:
With the recent samba upgrade to 2:4.3.8+dfsg-0ubuntu0.14.04.2, we
were seeing regression with authentication:
/var/log/syslog
Apr 28 17:45:52 hostname winbindd[769]: [2016/04/28 17:45:52.415470, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls)
Apr 28 17:45:52 hostname winbindd[769]: Failed to issue the StartTLS instruction: Connect error
Apr 28 17:45:52 hostname winbindd[769]: [2016/04/28 17:45:52.898408, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls)
Apr 28 17:45:52 hostname winbindd[769]: Failed to issue the StartTLS instruction: Connect error
We had to roll back to 2:4.1.6+dfsg-1ubuntu2.14.04.13 and everything worked again.
Here's a basic samba config that reproduces the issue:
Perfectly reproducible with this:
realm = AD.DOMAIN.COM
security = ads
ldap ssl = start_tls
ldap ssl ads = yes
[LDAP] TLS: hostname (172.12.12.12) does not match common name in certificate (hostname).
[LDAP] ldap_err2string
Failed to issue the StartTLS instruction: Connect error
Samba seems to construct the LDAP URL with the IP of the AD controller
in it instead of the hostname, and then, because our ldap.conf requires
it, the server cert validation fails.
Please let me know if there are any other logs I can provide.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1576799/+subscriptions
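The mismatch in the bug description above (client dials the controller by IP, certificate names it by hostname), as an added example that is not part of the original message and is not Samba or OpenLDAP code. It is a simplified model of TLS name checking; the certificate names (dc1.ad.domain.com) and all function names are constructed for illustration, and only the IP 172.12.12.12 comes from the log.

```python
import ipaddress

def parse_ip(value):
    """Return an ip_address object, or None when value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def dns_match(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the whole first label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def target_matches_cert(target, common_name, dns_sans=(), ip_sans=()):
    """True if the name the client dialled is covered by the certificate."""
    ip = parse_ip(target)
    if ip is not None:
        # An IP target can only match an iPAddress SAN or a CN that is that IP.
        if any(parse_ip(s) == ip for s in ip_sans):
            return True
        return parse_ip(common_name) == ip
    if any(dns_match(s, target) for s in dns_sans):
        return True
    return dns_match(common_name, target)

# Constructed certificate names for a domain controller (not from the bug report).
CERT = {"common_name": "dc1.ad.domain.com", "dns_sans": ("dc1.ad.domain.com",)}

def explain(target, **cert):
    """One-line verdict for a dialled target against the certificate names."""
    ok = target_matches_cert(target, **cert)
    verdict = "match" if ok else "MISMATCH -> StartTLS fails when the cert is required"
    return f"{target}: {verdict}"

if __name__ == "__main__":
    print(explain("172.12.12.12", **CERT))       # IP form, as in the log on the page
    print(explain("dc1.ad.domain.com", **CERT))  # hostname form of the same server
```

In this model the IP form only passes if the certificate carries a matching iPAddress SAN; otherwise the client has to dial the hostname for validation to succeed.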