Displaying 20 results from an estimated 6000 matches similar to: "Samba "pass" authentication to OpenID or SAML (external)"
2019 Oct 11
1
Samba "pass" authentication to OpenID or SAML (external)
thanks,
I believe I will need to do an Adfs for this kind of authentication. I
found nothing in documented about federation service, is it possible
to do samba?
Thiago
On Fri, 11 Oct 2019 at 00:16, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba
> wrote:
> > Hello everyone,
> > I received a
2019 Oct 11
0
Samba "pass" authentication to OpenID or SAML (external)
On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba
wrote:
> Hello everyone,
> I received a somewhat strange and complicated demand today.
> 
> The idea of the manager is to use samba as a domain server but the
> directory tree (authentication and authorization of users) is on an
> external SAML server using keycloak. The samba will pass only GPO.
> 
> Is
2016 Nov 21
2
kerberos | client not found
Hi,
Can someone point out what I am doing wrong here?
Background: I'm trying to make keycloak (saml) authenticate using 
kerberos, and I'm getting "client not found in kerberos database". Below 
are the steps I have taken.
I'm using a domain member server's machine account (server$) to add the
SPN, since keycloak is running on that member server. (for the record: 
the
2017 Jan 27
1
pwdLastSet, password required to change (samba vs MSAD)
Hi Andrew and Rowland,
Two replies, so quickly! I'm impressed :-)
On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote:
 > And a very interesting one at that.  I'm glad to see someone has taken
 > on some of the ADFS capability I hear folks ask for regularly.
Yes I agree, keycloak is very cool.
I have found the following samba bug report:
2020 Jul 04
2
dovecot oauth
Hello,
I'm trying to configure roundcube / dovecot to work with keycloak.
I activated xoauth2 oauthbearer in dovecot.
But a problem occurs when dovecot tries to contact the keycloak server
(logs are below).
My problem looks like this one:
https://dovecot.org/pipermail/dovecot/2019-December/117768.html
The response to this problem was about a bug in oauth driver
2010 May 04
4
OneLogin releases SAML for Ruby
We have just published a neat little toolkit for those of you who are
interested in SAML-enabling your enterprise application. SAML is a
standards-based single sign-on protocol, which allows an identity
provider to securely log users into an application without a password.
Some of the advantages of SAML are that you avoid passwords altogether and
can centralize access control at your identity
2017 Jan 27
4
pwdLastSet, password required to change (samba vs MSAD)
Hi,
We are using keycloak with our samba-4.4.4 AD environment. (an ldaps 
client application)
Keycloak is able to ask users to change their passwords, when the 
checkbox "require password change upon next logon" is set in ADUC.
However, in our environment (samba-4.4.4) keycloak simply refuses the 
logons when that checkbox is set. ("bad username or password")
RedHat
2016 Dec 03
2
SAML | Input buffer full (no auth attempts in 0 secs)
Hi,
In my journey to enable SAML auth for our webmail (sogo.nu) I have
created a password-less dovecot imap listener on 127.0.0.1/32, so that
once a user is SAML authenticated for the SOGo webmail, SOGo can connect 
to dovecot on 127.0.0.1:143 with something like "01 LOGIN username 
randompassword".
Watching this (tcpflow) as it happens, I can see the following auth
attempt coming from
2019 Dec 08
2
Dovecot & OAuth
On 06/12/2019 20:54, Aki Tuomi via dovecot wrote:
> Hi!
>
> It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this.
Tracking as DOP-1590.
Regards,
Stephan.
>> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote:
>>
>>
>> Hi,
>>
>> For troubleshooting purposes, I
2019 Oct 16
4
Child Domains
Hello good night everyone, I can do in samba domain children, that is, I
have a domain global.corp and in each branch I have a city.global.corp and
in each city have trust between the child domains?
Is this a good practice?
Thiago.
2019 Dec 06
4
Dovecot & OAuth
I changed some of the tls options following the document, now config is
following:
tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token
introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923@keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
introspection_mode = post
debug = yes
rawlog_dir = /tmp/oauth2
#force_introspection
2020 Jul 08
1
Dovecot - Xoauth2 - keycloak
Hello,
Still trying to make roundcube / Dovecot work with Keycloak.
Dovecot can't seem to validate the access_token that Roundcube gave.
-----
Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET
2019 Oct 16
2
Child Domains
Thanks,
I will start reading today.
Thiago Anderson / Infrastructure Analyst
On Wed, 16 Oct 2019 at 04:43, L.P.H. van Belle via samba <
samba at
2024 Aug 30
1
ldapsrv_do_call: Critical extension 1.2.840.113556.1.4.2066 is not known to this server
Hi Team,
Environment: Samba 4.20.4 AD-DC on bookworm.
I am trying to setup password change for users as self-service in the 
account-console in Keycloak (25.0.4 on Bookworm).
I have setup Keycloak user federation with writable (Active Directory) 
LDAP and Kerberos and without synchronization (so there are no local 
Keycloak actions, everything goes directly to Samba).
I have tested the
2016 Nov 21
0
kerberos | client not found
Hai Mourik-Jan, 
I think you are missing your ptr record in the reverse zone. 
Or you are missing the Krb5KeyTab variable in the apache setup. 
Test : 
dig keycloak.company.com     ( results in A ip. ) 
dig -x ip_adres 
https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory 
Greetz, 
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at
2020 Nov 09
2
Multi-factor Auth status
Is there any information I can grab on implementing MFA via the samba 4 AD? Perhaps via the Okta API or SAML?
JD
2020 Jul 05
2
dovecot oauth
> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> 
>  
> > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote:
> > 
> >  
> > Hello,
> > 
> > I'm trying to configure roundcube / dovecot to work with keycloak.
> > I activated xoauth2 oauthbearer in dovecot.
> > But a problem
2019 Dec 05
2
Dovecot & OAuth
Hi all,
We'd like to enable OAuth with Keycloak in Dovecot, after enabling
'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm
Dovecot is ready for OAuth using openssl command, however when the auth
request comes in, it failed in establishing a SSL connection with Keycloak
server on port 443, shown as following in debug logs. I can confirming
using commands
2016 Jun 01
2
ADFS support?
Hi,
Is it possible to query an Exchange server for its user list via ADFS
using samba?
I'm interested in integrating this support with postfix on my fedora
system instead of having to maintain the list in Exchange and the list
as a map in postfix.
I really don't know much about Exchange and whether/how this would
work. Is it secure?
Is LDAPS an alternative? Is it secure?
Thanks,
Alex
2016 Dec 29
5
two listeners with different "driver = " configs
Hi,
I would like to have two separate imap listeners, with different 
authentication settings, but the mailstore and userbase etc will be 
identical.
I know I can do this:
> service imap-login {
>    inet_listener imap {
>      port = 143
>    }
>    inet_listener imap2 {
>      port = 144
>    }
> }
But I'm unsure how to configure imap/143 with "driver =