Michael Tokarev
2025-Jan-03 13:05 UTC
[Samba] Authenticating to samba LDAP using a TLS cert?
Hi! Is it possible to authenticate to samba-provided LDAP service using a TLS certificate, instead of using a username (actually a DN) and a password? Thanks, /mjt
Norbert Hanke
2025-Jan-03 15:40 UTC
[Samba] Authenticating to samba LDAP using a TLS cert?
That is known as PKINIT for Kerberos and according to https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login it should work. In the Windows world it's usually with users having a Smartcard holding key and certificate, but protocol-wise should work with any client certificate having the correct attributes that allows to map the certificate to a Windows user. I never tried it in my owm Samba-based infrastructure but the company I worked for used it big-scale with Smartcards and Windows DCs. Regards, Norbert On 1/3/2025 2:05 PM, Michael Tokarev via samba wrote:> Hi! > > Is it possible to authenticate to samba-provided LDAP service using > a TLS certificate, instead of using a username (actually a DN) and > a password? > > Thanks, > > /mjt >
Apparently Analagous Threads
- RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
- RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
- RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
- OpenSSH PKCS#11merge
- Your advices regarding authentication methods compatible with S4