search for: ostsachsen

...urpose of specifying the CRL in smb.conf? It seems to me that the smartcard login is not really reliable. Then my users still have to log in with password. For now, as long as 4.19 is not yet released. Hans Schulze EDV Tel: +49 3581 66931-41 Fax: +49 3581 66931-281 Mail: h.schulze at labor-ostsachsen.de Medizinisches Labor Ostsachsen MVZ GbR Nebenbetriebsst?tte G?rlitz Cottbuser Stra?e 11 D-02826 G?rlitz www.labor-ostsachsen.de <https://www.labor-ostsachsen.de> Die Hauptbetriebsst?tte der Medizinisches Labor Ostsachsen MVZ GbR befindet sich in der Flinzstra?e 1 in 02625 Bautzen. Die M...

On 20/07/2023 09:37, Hans Schulze via samba wrote: > I found an old bugzilla report for this behavior: > > https://bugzilla.samba.org/show_bug.cgi?id=9612 > > According to the statements in it, there was a patch already in version > 4.16 and in heimdal 8 last year? Which option must be in the krb5.conf? Sorry, but I read it slightly differently, there was a patch available,

Hello, has anyone tried Samba 4 AD with SmartCard-Authentication and trust of chain certificates. So with root ca and intermediate ca? I followed the HowTo from the Samba Wiki, but there is only explained how you use with only a root ca. Then i tried it myself. I created a intermediate ca and some certs for the dc and user. But, i always ran into: NT_STATUS_PKINIT_FAILURE Yes, i have paid

I found an old bugzilla report for this behavior: https://bugzilla.samba.org/show_bug.cgi?id=9612 According to the statements in it, there was a patch already in version 4.16 and in heimdal 8 last year? Which option must be in the krb5.conf? I have tried kdc_pkinit_revoke and pkinit_revoke. Both have no effect. Am 19.07.2023 um 14:27 schrieb Hans Schulze via samba: > Unfortunately this

Hello, i am facing the same problem right now. I start from scratch for an Samba AD. One question about this: I have registered a domain e.g. "bla.org" extra/unique for AD, to have an placeholder and there are no other external Services resolved over this, can i have an fqdn like "dc1.bla.org" or that also not recommended? The Domain is registred on a Nameserver from the

Unfortunately this does not work. Example: Yes, when i give it a few Days, the client will retrieve the actual crl faster. But the auth still works. I have tried it. I revoked an cert. Installed a new win10 client and joined the domain. After login with the revoked p12 cert on a yubikey, i can see he queries the CDP and still allows the login. With certutil and a cert in DER format, i tried