Lionel Monchecourt
2020-Mar-14 18:52 UTC
[Samba] Replace completely an AD PKI authentication with Samba ?
Hi, I'm currently using an AD with PKI/certificate authentication ( some of my users are even using smartcards ). Could I replace my Microsoft AD & certificates with a pure Samba solution ? any tricks, non features I should know ? If so , do you know any docker image maybe that I could start with to do my test ? ( or some VM ? ) Thanks _ -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Andrew Bartlett
2020-Mar-15 07:38 UTC
[Samba] Replace completely an AD PKI authentication with Samba ?
On Sat, 2020-03-14 at 19:52 +0100, Lionel Monchecourt via samba wrote:> Hi, > > I'm currently using an AD with PKI/certificate authentication ( some of my > users are even using smartcards ). > > Could I replace my Microsoft AD & certificates with a pure Samba solution ? > any tricks, non features I should know ?https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login> If so , do you know any docker image maybe that I could start with to do my > test ? ( or some VM ? )Yes, it is known to work, but do see https://bugzilla.samba.org/show_bug.cgi?id=9612 Long term, what I would prefer is to store the user certificate in the directory (as modern Windows AD versions can), rather than by signing with PKI, but this would require development work. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Lionel Monchecourt
2020-Mar-15 16:38 UTC
[Samba] Replace completely an AD PKI authentication with Samba ?
Hi Andrew, Thanks a lot for your answer. I found the wiki page but I was wondering how reliable is the solution I'm not so worried with the bug of the revoked certificate, but it is good to know , I will store with the certificate outside for now ... Thanks a lot , Have a good WE Lionel -----Original Message----- From: Andrew Bartlett [mailto:abartlet at samba.org] Sent: 15 March 2020 08:38 To: Lionel Monchecourt; samba at lists.samba.org Subject: Re: [Samba] Replace completely an AD PKI authentication with Samba ? On Sat, 2020-03-14 at 19:52 +0100, Lionel Monchecourt via samba wrote:> Hi, > > I'm currently using an AD with PKI/certificate authentication ( some of my > users are even using smartcards ). > > Could I replace my Microsoft AD & certificates with a pure Samba solution ? > any tricks, non features I should know ?https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login> If so , do you know any docker image maybe that I could start with to do my > test ? ( or some VM ? )Yes, it is known to work, but do see https://bugzilla.samba.org/show_bug.cgi?id=9612 Long term, what I would prefer is to store the user certificate in the directory (as modern Windows AD versions can), rather than by signing with PKI, but this would require development work. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Possibly Parallel Threads
- Connection to ADSI edit
- Replace completely an AD PKI authentication with Samba ?
- Fwd: Replace completely an AD PKI authentication with Samba ?
- How to create a user WIHTOUT beeing prompted for the password
- AD with PKI authentication - issue on cert generation