search for: samba_ad_smart_card_login

As I said in my last email, my intention was to not have to regenerate the domain controller certificate as explained here: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Get_the_Domain_Controller.27s_GUID_with_script when I re-provisioned the same domain (in my test environment). The domain controller certificate requires its GUID. But I mixed "Domain GUID" and "Domain Controller GUID". And I was hoping by passing a known GUID to "samba...

...the wrong LDAP entry! > > My initial intention was to set the domain controller's GUID to a known > GUID to avoid to regenerate certificates when I recreate my Samba AD DC > environment - such as the certificate generation is explained here: > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Get_the_Domain_Controller.27s_GUID_with_script > > But I have actually realized I mixed "Domain GUID" and "Domain > Controller GUID"! When I looked at the domain GUID in the LDAP > directory, I confirm I can find the one specified in the command line > "s...

...ing Sam via samba wrote: > Hi, > > Maybe this page might be helpful. I don't know how up to date it is, but > the expectation seems to be that it should be able to work with > alternative forms of authentication (with Kerberos PKINIT). > > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Yeah, I think something that presents as smart card login is likely to be the best bet. Smart cards are a pain, but could certainly help with the speed (compared with long complex passwords). The PKINIT stuff is meant to work, certainly worth a play in the lab. The main thing I would want to c...

...ror message : Operation failed error code : 0x80090350 The System cannot contact a domain controller to service the authentication request. Please try again later. I want to set a Widows AD PKI auth and so following this documentation ( stuck in this step ) : https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Obtain_Each_User. 27s_User_Principal_Name_.28UPN.29_and_the_Domain_Controller.27s_GUID Please note that : - I have of course registered the computer to the domain - I'm able to get connected through Microsoft computer / user config tool and it works. - When I launch the ADSI edit tool...

...9 at 11:55 +1300, Garming Sam via samba wrote: > >> Hi, Maybe this page might be helpful. I don't know how up to date it is, but the expectation seems to be that it should be able to work with alternative forms of authentication (with Kerberos PKINIT). https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login [1] > > Yeah, I think something that presents as smart card login is likely to > be the best bet. Smart cards are a pain, but could certainly help with > the speed (compared with long complex passwords). > > The PKINIT stuff is meant to work, certainly worth a play in the lab....

On 21/05/2023 22:29, Olivier MARTIN via samba wrote: > As I said in my last email, my intention was to not have to regenerate > the domain controller certificate as explained here: > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Get_the_Domain_Controller.27s_GUID_with_script when I re-provisioned the same domain (in my test environment). The domain controller certificate requires its GUID. > > But I mixed "Domain GUID" and "Domain Controller GUID". And I was hoping > by passing a known GUID t...

Hi, I'm currently using an AD with PKI/certificate authentication ( some of my users are even using smartcards ). Could I replace my Microsoft AD & certificates with a pure Samba solution ? any tricks, non features I should know ? If so , do you know any docker image maybe that I could start with to do my test ? ( or some VM ? ) Thanks _ -- This email has been checked for

Hi folks, Does anybody have experience using ADCS in conjunction with Samba? I would like to create certificates using ADCS as a CA to create certificates to be deployed to servers running web applications. It would be very convenient to have joined Windows computers automatically trust certificates issued my own CA instead of having to import certificates manually on every browser on every

Hi to Samba list, dev, contributors and all the community. We are samba users for a long time now, and S4 since the early alpha version. We run now 5 DC for 700 users in our hospital and are very enthusiastic. This is definitely a great project. But now, we face a new challenge. We look over a new authentication method rather than the old user/password. Because we have many users switching

...ealized I was looking at the wrong LDAP entry! My initial intention was to set the domain controller's GUID to a known GUID to avoid to regenerate certificates when I recreate my Samba AD DC environment - such as the certificate generation is explained here: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Get_the_Domain_Controller.27s_GUID_with_script But I have actually realized I mixed "Domain GUID" and "Domain Controller GUID"! When I looked at the domain GUID in the LDAP directory, I confirm I can find the one specified in the command line "samba-tool domain provisio...

> > Hi friends, > I need your help. > > I implemented > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login > > https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities > enabling smart card logon on a Windows Server 2016 as a domain member of > Samba DC. > > Currently I still have no smart card logon s...

Hi all, I was just wondering if any of you are using biometric devices (eg: a fingerprint reader) or smartcards with Samba4 for network logon. Either as a replacement for a password or 'extra' as a 2nd factor. Would be interested in hearing experiences regarding this. Any information would be appreciated. Thanks in advance, Bram. -- Bram Matthys Software developer/IT consultant

Hi, Maybe this page might be helpful. I don't know how up to date it is, but the expectation seems to be that it should be able to work with alternative forms of authentication (with Kerberos PKINIT). https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Cheers, Garming On 16/03/18 22:43, Olivier BILHAUT via samba wrote: > > > Hi to Samba list, dev, contributors and all the community. > > We are > samba users for a long time now, and S4 since the early alpha version. > We run now 5 DC for 700 users in our hospital and are...

...nning web applications. It > would be very convenient to have joined Windows computers > automatically > trust certificates issued my own CA instead of having to import > certificates manually on every browser on every computer. Your looking for this: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Configure_Windows_to_Accept_Your_CA Dont look at the "Smart Card Login" part but the pics here show perfeclty howto do this. > > Is that scenario possible running only Samba? I can't find much in the > way of documentation. Hmm, there was more on the wiki.. I'll do...

...articles/15000006456-yubikey-smart-card-deployment-guide Ssh: https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04 This works fine, simpel to setup, im using it on jessie/stretch/buster/bionic Samba: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login https://freies-franken.org/index.php/2-uncategorised/2-2fa-mit-sssd-freeradius-google-authenticator-samba-ad-und-pfsense But in this one i would like to see this with winbind and not sssd. Or https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy Some things to read and think abou...

...t; > I'm currently using an AD with PKI/certificate authentication ( some of my > users are even using smartcards ). > > Could I replace my Microsoft AD & certificates with a pure Samba solution ? > any tricks, non features I should know ? https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login > If so , do you know any docker image maybe that I could start with to do my > test ? ( or some VM ? ) Yes, it is known to work, but do see https://bugzilla.samba.org/show_bug.cgi?id=9612 Long term, what I would prefer is to store the user certificate in the directory (as modern Windows...

Hi, I'm trying to install an AD with PKI auth.I'm so referring to : https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login I have my forest working , users .etc. I'm now trying to generate the root CA. Using the template in the wiki , When I try to openssl req -new req -new -x509 -days 3650 -sha256 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -config /etc/ssl/openssl.cnf I get the foll...

...: 0x80090350 > > The System cannot contact a domain controller to service the authentication > request. Please try again later. > > > > I want to set a Widows AD PKI auth and so following this documentation ( > stuck in this step ) : > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Obtain_Each_User. > 27s_User_Principal_Name_.28UPN.29_and_the_Domain_Controller.27s_GUID > > > > Please note that : > > - I have of course registered the computer to the domain > > - I'm able to get connected through Microsoft computer / user config tool > and...

...2.05.23 10:39, Rowland Penny via samba wrote: > > > On 21/05/2023 22:29, Olivier MARTIN via samba wrote: >> As I said in my last email, my intention was to not have to >> regenerate the domain controller certificate as explained here: >> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Get_the_Domain_Controller.27s_GUID_with_script >> when I re-provisioned the same domain (in my test environment). The >> domain controller certificate requires its GUID. >> >> But I mixed "Domain GUID" and "Domain Controller GUID". And I was >> h...

Dear all, I did try to google search the archives [1] but cannot find any information on this. Would it be possible to somehow implement a passwordless (or as a 2FA) to login to a remote samba (linux server)? Any suggestions greatly appreciated, Greg 1. https://lists.samba.org/archive/samba/