hi all,

is it feasible to set up an ADFS server paired with a samba AD DC?
Are there ADFS requirements (versions not older than ..., not newer than
...) if the samba AD DC is samba-4.9.1?

I tried to match a Windows Server 2016 ADFS v3 with a samba-4.9.1 AD DC.
The web form authentication allows a user to insert username and
password, the ADFS correctly recognizes a wrong password, but when the
password is correct, ADFS fails on the redirect step with a
non-diagnostic error:

S4U Logon for user with upn 'user at domain' threw the following exception:
'Insufficient system resources exist to complete the requested service'

So, I was wondering if my naive attempt is architecturally flawed before
delving into the issue more,

thank you,

franz
On Wed, 2018-10-31 at 11:52 +0100, Francesco Malvezzi via samba wrote:
> hi all,
>
> is it feasible to set up an ADFS server paired with a samba AD DC?
> Are there ADFS requirements (versions not older than ..., not newer than
> ...) if the samba AD DC is samba-4.9.1?
>
> I tried to match a Windows Server 2016 ADFS v3 with a samba-4.9.1 AD DC.
> The web form authentication allows a user to insert username and
> password, the ADFS correctly recognizes a wrong password, but when the
> password is correct, ADFS fails on the redirect step with a
> non-diagnostic error:
>
> S4U Logon for user with upn 'user at domain' threw the following exception:
> 'Insufficient system resources exist to complete the requested service'
>
> So, I was wondering if my naive attempt is architecturally flawed before
> delving into the issue more,

Are you running Heimdal or MIT Kerberos for the KDC?

Thanks,

Andrew Bartlett

--
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
On 31/10/18 23:28, Andrew Bartlett wrote:
> On Wed, 2018-10-31 at 11:52 +0100, Francesco Malvezzi via samba wrote:
>> hi all,
>>
>> is it feasible to set up an ADFS server paired with a samba AD DC?
>> Are there ADFS requirements (versions not older than ..., not newer than
>> ...) if the samba AD DC is samba-4.9.1?
>>
>> I tried to match a Windows Server 2016 ADFS v3 with a samba-4.9.1 AD DC.
>> The web form authentication allows a user to insert username and
>> password, the ADFS correctly recognizes a wrong password, but when the
>> password is correct, ADFS fails on the redirect step with a
>> non-diagnostic error:
>>
>> S4U Logon for user with upn 'user at domain' threw the following exception:
>> 'Insufficient system resources exist to complete the requested service'
>>
>> So, I was wondering if my naive attempt is architecturally flawed before
>> delving into the issue more,
>
> Are you running Heimdal or MIT Kerberos for the KDC?

It's the default Heimdal build,

thank you,

franz