Hello everybody, I'll try to find out some info about Samba and a way to put x509 authenticate method but i don't find anything clear about it. I found in the how-to v3 some stuff about authenticate PAM module to use with samba but I don't know if I look in the right direction. I have a samba server running for a lots of time based on smbpass DB. We plan to use our PKI certs to authenticate my colleges on the file server but I don't really know how to do such a thing. I think I need to configure Samba server to deal with a radius server like freeradius where I can configure X509 authenticate conf. to allow users with non revoked certificates. I don't really know how the Windows clients will deal with the samba server, how the process can work and if Windows will ask for certificates instead of login and pass... Do you think it's the way to do ? There is not a more simply way to make this stuff out ? thank you for your advices, I'm aware of them :) ;) (sorry for my questions, I'm not born "English" and do not know how to make my request with all the courtesy I can express in my childhood language.. :) please consider .... ;-o PS: I didn't found, also, a way to make a search in mailing list archive... :-( -- ===============================Romain BOTTAN mailto: romain.bottan@celsecat.com -- ============Romain BOTTAN ALCATEL CIT - Service S?curit? 26 Av. JF Champollion - BP 1076 31035 TOULOUSE cedex 1 T?l: +33(0)5 34 35 33 74 Port: +33(0)6 15 41 44 50 Fax: +33(0)5 34 35 33 99
On Tue, 2006-02-07 at 10:14 +0100, romain BOTTAN wrote:> Hello everybody, > > I'll try to find out some info about Samba and a way to put x509 > authenticate method but i don't find anything clear about it.There are not many 'good' options to put x509 certificates into the Samba authentication space, and if very much depends on the client and domain environment. Perhaps you are looking for an AD implementation, with PKINIT on kerberos? This is the only real solution for windows clients. If you control the clients (say they run Linux), you could push all CIFS connections via a SSL tunnel, but Samba wouldn't 'know' about this, so would not actually authenticate the users as such. Perhaps you need to explain what you are trying to do a bit more. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20060209/fe040f94/attachment.bin