similar to: Samba "pass" authentication to OpenID or SAML (external)

thanks, I believe I will need to do an Adfs for this kind of authentication. I found nothing in documented about federation service, is it possible to do samba? Thiago Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org> escreveu: > On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba > wrote: > > Hello everyone, > > I received a

On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba wrote: > Hello everyone, > I received a somewhat strange and complicated demand today. > > The idea of the manager is to use samba as a domain server but the > directory tree (authentication and authorization of users) is on an > external SAML server using keycloak. The samba will pass only GPO. > > Is

Hi, Can someone point out what I am doing wrong here? Background: I'm trying to make keycloak (saml) authenticate using kerberos, and I'm getting "client not found in kerberos database". Below are the steps I have taken. I'm using a domain member servers machine account (server$) to add the SPN, since keycloak is running on that member server. (for the record: the

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

Hello, I'm trying to configure roundcube / dovecot to work with keycloak. I activated xoauth2 oauthbearer in dovecot. But a problem occurs when dovecot tries to contact the keycloak server (logs are below). My problem looks like this one: https://dovecot.org/pipermail/dovecot/2019-December/117768.html The response to this problem was about a bug in oauth driver

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when tht checkbox is set. ("bad username or password") RedHat

We have just published a neat little toolkit for those of you who are interested in SAML-enabling your enterprise application. SAML is a standards-based single sign-on protocol, which allows an identity provider to securely log users into an application without a password. Some of the advantages of SAML that you avoid passwords altogether and can centralize access control at your identity

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I

Hi, In my journey to enable SAML auth for our webmail (sogo.nu) I have created a password-less dovecot imap listener on 127.0.0.1/32, so that once a user is SAML authenticated for the SOGo webmail, SOGo can connect to dovecot on 127.0.0.1:143 with something like "01 LOGIN username randompassword". Watching this (tcpflow) as it happens,i can see the following auth attempt coming from

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

Hello good night everyone, I can do in samba domain children, that is, I have a domain global.corp and in each branch I have a city.global.corp and in each city have trust between the child domains? Is this a good practice? Thiago.

Hello, Still trying to make roundcube / Dovecot works with Keycloak. Dovecot can't seem to validate the access_token that Roundcube gave. ----- Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET

Hai Mourik-Jan, I think you missing your ptr record in the reverse zone. Or you missing the Krb5KeyTab variable in the apache setup. Test : dig keycloak.company.com ( results in A ip. ) dig -x ip_adres https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at

Thanks, I will start reading today. [image: Logo - ZUP] Thiago Anderson / Analista de Infraestrutura [image: ?cone de e-mail] thiago.santos at zup.com.br [image: ?cone de celular] (34)98857-4909 [image: ?cone de telefone] (34) 3210-8181ZUP IT INNOVATION Avenida Nicomedes Alves dos Santos, 1205, Sala 105 Uberl?ndia - MG Em qua, 16 de out de 2019 ?s 04:43, L.P.H. van Belle via samba < samba at

Is there any information iI can grab on implementing MFA via the samba 4 AD? Perhaps via the Okta API or SAML? JD

> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > > > > Hello, > > > > I'm trying to configure roundcube / dovecot to work with keycloak. > > I activated xoauth2 oauthbearer in dovecot. > > But a problem

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands

Hi, Is it possible to query an Exchange server for its user list via ADFS using samba? I'm interested in integrating this support with postfix on my fedora system instead of having to maintain the list in Exchange and the list as a map in postfix. I really don't know much about Exchange and whether/how this would work. Is it secure? Is LDAPS an alternative? Is it secure? Thanks, Alex

Hi, I would like to have two seperate imap listeners, with different authentication settings, but the mailstore and userbase etc will be identical. I know I can do this: > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imap2 { > port = 144 > } > } But I'm unsure how to configure imap/143 with "driver =

On 3 Dec 2016, at 20.47, mj <lists at merit.unu.edu> wrote: > > Hi, > > In my journey to enable SAML auth for our webmail (sogo.nu) I have > created a password-less dovecot imap listener on 127.0.0.1/32, so that > once a user is SAML authenticated for the SOGo webmail, SOGo can connect to dovecot on 127.0.0.1:143 with something like "01 LOGIN username