[Samba] Unable to authenticate ldap externally after upgrade from 4.4.0 to 4.4.2

lingpanda101 at gmail.com lingpanda101 at gmail.com
Wed Apr 13 16:15:55 UTC 2016


     After upgrading all external services will no longer authenticate 
to the domain. One of those is osTicket. Looking through the release 
notes I figured this would happen. However I'm a bit tentative to make 
changes to my smb.conf without doing damage and asking for help from the 
list. I have 6 DC's. One holds all the FMSO roles. This is the smb.conf 
from that DC.

         workgroup = DOMAIN
         realm = DOMAIN.LOCAL
         netbios name = PFDC1
         server role = active directory domain controller
         dns forwarder =
         idmap_ldb:use rfc2307 = Yes

         log level = 0
         logging = syslog at 1 file
         debug uid = Yes
         debug pid = Yes

         allow dns updates = nonsecure

         load printers = No
         printcap name = /dev/null
         disable spoolss = Yes

         # Add and Update TLS Key
         tls enabled = yes
         tls keyfile = tls/sambaKey.pem
         tls certfile = tls/sambaCert.pem
         tls cafile =

         path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
         read only = No

         path = /usr/local/samba/var/locks/sysvol
         read only = No

The only difference this DC has in it's smb.conf from the others is the 
TLS key section. I needed to create a custom self-signed certificate for 
another service that required a stronger key. 2048 bit. Not sure if this 
has any bearing on my issue. I think my issue has to do with the the 
following value

'ldap server require strong auth = yes'

Is this where I should be looking? For reference this is how I setup 
osTicket parameters for external ldap authentication.


Dc's are all Ubuntu 12.04. Installed Samba from tar and the following 

make install

Installation went fine without error. Thanks.


More information about the samba mailing list