[Samba] Unable to authenticate ldap externally after upgrade from 4.4.0 to 4.4.2

lingpanda101 at gmail.com lingpanda101 at gmail.com
Wed Apr 13 17:48:11 UTC 2016


On 4/13/2016 12:15 PM, lingpanda101 at gmail.com wrote:
> Hello,
>
>     After upgrading, all external services will no longer authenticate 
> to the domain. One of those is osTicket. Looking through the release 
> notes I figured this would happen. However I'm a bit tentative to make 
> changes to my smb.conf without doing damage and asking for help from 
> the list. I have 6 DCs. One holds all the FSMO roles. This is the 
> smb.conf from that DC.
>
> [global]
>         workgroup = DOMAIN
>         realm = DOMAIN.LOCAL
>         netbios name = PFDC1
>         server role = active directory domain controller
>         dns forwarder = 8.8.8.8
>         idmap_ldb:use rfc2307 = Yes
>
>         log level = 0
>         logging = syslog at 1 file
>         debug uid = Yes
>         debug pid = Yes
>
>         allow dns updates = nonsecure
>
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>
>         # Add and Update TLS Key
>         tls enabled = yes
>         tls keyfile = tls/sambaKey.pem
>         tls certfile = tls/sambaCert.pem
>         tls cafile =
>
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
>
> The only difference this DC has in its smb.conf from the others is 
> the TLS key section. I needed to create a custom self-signed 
> certificate for another service that required a stronger key. 2048 
> bit. Not sure if this has any bearing on my issue. I think my issue 
> has to do with the following value
>
> 'ldap server require strong auth = yes'
>
> Is this where I should be looking? For reference this is how I set up 
> osTicket parameters for external ldap authentication.
>
> http://blog.zwiegnet.com/linux-server/configure-osticket-for-ldap-authentication/ 
>
>
> DCs are all Ubuntu 12.04. Installed Samba from tar and the following 
> commands.
>
> ./configure
> make
> make install
>
> Installation went fine without error. Thanks.
>
As I suspected the line

'ldap server require strong auth = yes'

does play a role. Setting this to no allowed external authentication 
again. Not with osTicket. It allowed other services I was having issues 
authenticating with. I will attempt to enable TLS on those applications 
so I can use the default behavior.






-- 
-James
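
The bind rules behind the behaviour described in this thread, as an added example that is not part of the original post or of Samba's own code: it parses an smb.conf [global] section and reports which LDAP bind styles the DC accepts for each 'ldap server require strong auth' value, following the smb.conf(5) manual. The function names, the bind-style labels and the trimmed sample config are assumptions made for the example.

```python
import re

# Client bind styles as (bind type, transport); "sasl-signed" = SASL with sign or seal.
ALL_BINDS = {("simple", "plain"), ("simple", "tls"), ("sasl", "plain"),
             ("sasl", "tls"), ("sasl-signed", "plain")}
# Accepted combinations per 'ldap server require strong auth' value, per smb.conf(5).
ACCEPTED = {
    "no": ALL_BINDS,
    "allow_sasl_over_tls": {("simple", "tls"), ("sasl", "tls"), ("sasl-signed", "plain")},
    "yes": {("simple", "tls"), ("sasl-signed", "plain")},
}
ALIASES = {"false": "no", "0": "no", "true": "yes", "1": "yes"}  # boolean spellings

def global_params(conf_text):
    """Parse the [global] section; names are lowercased with whitespace collapsed."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def accepted_binds(conf_text):
    """Return the bind styles the DC's LDAP server accepts under this config."""
    params = global_params(conf_text)
    mode = params.get("ldap server require strong auth", "yes").lower()  # default: yes
    mode = ALIASES.get(mode, mode)
    if mode not in ACCEPTED:
        raise ValueError(f"unknown value: {mode!r}")
    tls_on = params.get("tls enabled", "yes").lower() in ("yes", "true", "1")
    return {b for b in ACCEPTED[mode] if tls_on or b[1] == "plain"}

def exposes_cleartext_passwords(conf_text):
    """True when a simple bind (password sent in the clear) is accepted without TLS."""
    return ("simple", "plain") in accepted_binds(conf_text)

# Constructed sample: trimmed from the [global] section quoted in the post.
POSTED = "[global]\n\ttls enabled = yes\n\ttls keyfile = tls/sambaKey.pem\n"
RELAXED = POSTED + "\tldap server require strong auth = no\n"

if __name__ == "__main__":
    for label, conf in (("default", POSTED), ("relaxed", RELAXED)):
        print(label, sorted(accepted_binds(conf)), exposes_cleartext_passwords(conf))
```

With the parameter left at its default, a client that sends a simple bind to the unencrypted LDAP port is refused, while the same bind over TLS is accepted.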