Created attachment 10100
starttls-error.log.smbd

The Samba server is a member of a Windows domain, and has both IPv4 and IPv6 addresses. The AD DC also has IPv4 and IPv6 enabled.

When the Samba server tries to talk to the DC over IPv6, it yields the cryptic error "Failed to issue the StartTLS instruction: Connect error".

Interestingly, the Samba logs indicate that Samba tries to communicate over IPv4, but tcpdump shows a pure IPv6 connection being established.

Excerpt from the log (some lines removed):

Successfully contacted LDAP server 172.25.152.139
Opening connection to LDAP server 'EEM-DC-2.ad.corp.acme.com:389', timeout 15 seconds
Connected to LDAP server 'EEM-DC-2.ad.corp.acme.com:389'
Connected to LDAP server EEM-DC-2.ad.corp.acme.com
saf_store: domain = [AD.CORP.ACME.COM], server = [EEM-DC-2.ad.corp.acme.com], expire = [1405098981]
Failed to issue the StartTLS instruction: Connect error
ads_connect failed: Connect error

Everything works fine over IPv4 with IPv6 disabled. Other services work fine over IPv6.

I vaguely remember from bug 8910 that Samba should prefer IPv4 when both are available, but I'm not 100% sure and I'm not seeing it happen.
Created attachment 10101
starttls-error.tcp.dump

tcpdump of the IPv6 session between the Samba server and the DC.
Current Samba member servers can join and work via IPv6. The LDAP StartTLS that you see points to some misconfiguration, I think.