Hello,
We upgraded from OES2/SLES10SP1 to OESSP2/SLES10SP3 and set up Samba
and Novell-Samba with YAST/YAST2.

We can access LDAP (eDirectory) with the LDAP browser and other tools.

Samba doesn't work. When it starts /var/log/messages says:

Nov 26 10:14:17 pkm-db smbd[29389]: [2009/11/26 10:14:17, 0] lib/smbldap.c:smb_ldap_start_tls(610)
Nov 26 10:14:17 pkm-db smbd[29389]: Failed to issue the StartTLS instruction: Operations error

This is our smb.conf:

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2007-05-16
[global]
workgroup = workgroup
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
domain logons = Yes
domain master = Yes
security = user
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = on
ldap suffix = ou=pkm,o=guth
ldap user suffix = ou=Users
passdb backend = NDS_ldapsam:ldaps://192.168.60.88:636
wins support = Yes
netbios name = pkm-db-samba-W
local master = Yes
os level = 65
preferred master = Yes
encrypt passwords = yes

# NOTE: use sendfile is set to no to support nss filesystem shares.
# To improve performance for other filesystems that support
# sendfile remove this line from the global section and add only
# to share definitions on nss filesystems.
use sendfile = no

# END - Entries made by OES install


# BEGIN - Entries made by OES install
ldap admin dn = cn=admin,o=guth
ldap delete dn = No
ldap replication sleep = 1000
ldap ssl = Start_tls
ldap timeout = 5

# END - Entries made by OES install


[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
guest ok = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes

# Share disabled by OES Install
# [printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
# create mask = 0600
# browseable = No

# Share disabled by OES Install
# [print$]
# comment = Printer Drivers
# path = /var/lib/samba/drivers
# write list = @ntadmin root
# force group = ntadmin
# create mask = 0664
# directory mask = 0775
#
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root


In iManager I switched LDAP tracing on, but I have no idea where I can see the trace.
Any ideas?

Thomas
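
A lint check for the combination visible in the posted smb.conf (an ldaps:// passdb backend together with ldap ssl = Start_tls), added here as an example and not part of the original post. It assumes RFC 4511 behaviour, where a StartTLS request on a connection that already has TLS is answered with operationsError; the function names and finding codes are hypothetical.

```python
import re

# Constructed sample: only the lines of the posted smb.conf that matter here.
SAMPLE = """\
[global]
security = user
passdb backend = NDS_ldapsam:ldaps://192.168.60.88:636
# BEGIN - Entries made by OES install
ldap admin dn = cn=admin,o=guth
ldap ssl = Start_tls
[homes]
read only = No
"""

def parse_global(text):
    """Return [global] parameters; names are lower-cased with whitespace
    removed, since smb.conf parameter names ignore case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_ldap_transport(text):
    """Return hypothetical finding codes for the passdb LDAP transport."""
    params = parse_global(text)
    url = re.search(r"(ldaps|ldapi|ldap)://", params.get("passdbbackend", ""), re.I)
    if not url:
        return []  # no LDAP URL in passdb backend, nothing to check
    scheme = url.group(1).lower()
    mode = re.sub(r"[\s_]+", "", params.get("ldapssl", "")).lower()
    findings = []
    if scheme == "ldaps" and mode == "starttls":
        # TLS is already up when StartTLS is sent -> operationsError
        findings.append("STARTTLS_OVER_LDAPS")
    if scheme == "ldap" and mode == "off":
        # the bind as 'ldap admin dn' and password sync travel unencrypted
        findings.append("CLEARTEXT_LDAP")
    return findings

if __name__ == "__main__":
    print(check_ldap_transport(SAMPLE))
```

An empty result means neither of the two conditions was found; it says nothing about certificate validation, which this check does not inspect.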