[Samba] Unable to authenticate ldap externally after upgrade from 4.4.0 to 4.4.2
lingpanda101 at gmail.com
lingpanda101 at gmail.com
Wed Apr 13 16:15:55 UTC 2016
Hello,
After upgrading all external services will no longer authenticate
to the domain. One of those is osTicket. Looking through the release
notes I figured this would happen. However I'm a bit tentative to make
changes to my smb.conf without doing damage and asking for help from the
list. I have 6 DC's. One holds all the FMSO roles. This is the smb.conf
from that DC.
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
netbios name = PFDC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = Yes
log level = 0
logging = syslog at 1 file
debug uid = Yes
debug pid = Yes
allow dns updates = nonsecure
load printers = No
printcap name = /dev/null
disable spoolss = Yes
# Add and Update TLS Key
tls enabled = yes
tls keyfile = tls/sambaKey.pem
tls certfile = tls/sambaCert.pem
tls cafile =
[netlogon]
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
The only difference this DC has in it's smb.conf from the others is the
TLS key section. I needed to create a custom self-signed certificate for
another service that required a stronger key. 2048 bit. Not sure if this
has any bearing on my issue. I think my issue has to do with the the
following value
'ldap server require strong auth = yes'
Is this where I should be looking? For reference this is how I setup
osTicket parameters for external ldap authentication.
http://blog.zwiegnet.com/linux-server/configure-osticket-for-ldap-authentication/
Dc's are all Ubuntu 12.04. Installed Samba from tar and the following
commands.
./configure
make
make install
Installation went fine without error. Thanks.
--
-James
More information about the samba
mailing list