similar to: Schema version 87 and windows Hello

Displaying 20 results from an estimated 2000 matches similar to: "Schema version 87 and windows Hello"

2020 Sep 26
4
Schema version 87 and windows Hello
Hi Andrew, I'm very interested in using Windows Hello for Business in small business environments, with Samba as the AD DC. I'm sorry that I don't have great news. The schema upgrade is the easy > part - we could do that by obtaining new schema from Microsoft: > > https://www.microsoft.com/en-nz/download/confirmation.aspx?id=23782 > (and yes, the licence terms are
2020 Sep 11
1
Schema version 87 and windows Hello
Hi, thank you for your answer :) ohhh that is new I thought that samba 4 was to this day incompatible with a schema update >= v67 (it is I think somewhere it is written in the documentation that the reason why windows > 2016 can't be used as domain controller is partly due to the schema that is what bothered me)) I already have set up an ADFS (win 2016) (works with heimdal krb
2020 Sep 11
0
Schema version 87 and windows Hello
On Sat, 2020-09-05 at 12:31 +0200, mailist via samba wrote: > Hi all, > > I would like to set up windows Hello (in the sense user and > management > are pressuring me) but for both option the schema would need to be at > least 87 (windows 2016). I looked on the roadmap, bugzilla but > couldn't > find anything regarding this topic. Would you know when this version >
2020 Sep 28
0
Schema version 87 and windows Hello
Hi Mason, On 9/26/20 9:34 AM, Mason Schmitt via samba wrote: > Hi Andrew, > > I'm very interested in using Windows Hello for Business in small business > environments, with Samba as the AD DC. > good luck I got it kind of working with :1 samba DC, 1 windows 2012 DC, 1 windows 2016 ADFS > > I'm sorry that I don't have great news. The schema upgrade is the easy
2020 Sep 28
1
Schema version 87 and windows Hello
> > Is this all that would be required to enable a deployment based upon a > > traditional PKI? > > > If you are using windows yes, if not then you would need to find a way > to replace the EDRS (there is a good doc about it here > > https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning > ) >
2020 Sep 29
2
Schema version 87 and windows Hello
> I am not that experiences about it^^ > I think that one first step would be to strip the registration (key > trust on my side), and once that would have been done submit the results > to the samba team and see if it is worth funding/implementing. > As I am not part of the samba team I cannot say more. > It sounds like you're suggesting that you're going to strictly
2020 Sep 30
0
Schema version 87 and windows Hello
I setup a test environment comporting of a windows 2016 evaluation server and a windows 10 eval too so you can tag along. Concerning the provisioning for key trust it looks like the Enterprise Device Registration Service is the one doing most of the work, since there are litte if no documentation about it, I prefer on my side to focus on the day to day auth flow. It looks like the easiest to
2020 Nov 20
3
Error Upgrading Schema
On 20/11/2020 02:13, Matthew Delfino Samba List wrote: > Thank you, Andrew! > > This evening I attempted the upgrade. I first carefully commented out each of the attributes from the Schema-Updates.md file. I then saved the file and ran the following command, which gave me the subsequent output: > > (as root) > > # samba-tool domain schemaupgrade > Temporarily
2020 Nov 20
1
Error Upgrading Schema
On 20/11/2020 15:46, Matthew Delfino Samba List wrote: > Rowland, > > I had the same thought. When I do that and try again, I get this message: > > # samba-tool domain schemaupgrade > Temporarily overriding 'dsdb:schema update allowed' setting > Patched Sch49.ldf using /usr/share/samba/setup/adprep/WindowsServerDocs/Sch49.ldf.diff > Exception in patch:
2016 Jun 01
2
ADFS support?
Hi, Is it possible to query an Exchange server for its user list via ADFS using samba? I'm interested in integrating this support with postfix on my fedora system instead of having to maintain the list in Exchange and the list as a map in postfix. I really don't know much about Exchange and whether/how this would work. Is it secure? Is LDAPS an alternative? Is it secure? Thanks, Alex
2024 May 31
1
Place of functional levels in Samba4 roadmap
Hi Samba list, As you know, security is currently the buzzword for most critical organizations. Active Directory implementations are an important node of all the security chain. French security agency, called ANSSI release a tool to audit Active Directory implementations, called ORADAD : https://github.com/ANSSI-FR/ORADAD/releases This tool retrieves all configuration from your AD, and make
2020 Nov 11
2
Error Upgrading Schema
On 10/11/2020 22:47, Matthew Delfino Samba List via samba wrote: > Andrew, > > I feel that it is your prerogative to determine how many odd possibilities you want your tools to account for, so that they might know what to do rather than exit with an error. You have a better sense for how likely it is that someone in the wild is altering their schema and might have changed an already
2020 Sep 02
2
schemaupgrade
Hello: I need to update the samba schema when I run the command: samba-tool domain schemaupgrade I have this error: Temporarily overriding 'dsdb:schema update allowed' setting Patched Sch49.ldf using /usr/local/samba/share/setup/adprep/WindowsServerDocs/Sch49.ldf.diff Patched Sch50.ldf using /usr/local/samba/share/setup/adprep/WindowsServerDocs/Sch50.ldf.diff Patched Sch51.ldf using
2009 Feb 05
2
Coding help : Where to log X11 forwards?
OpenSSH 5.1p1 I can't grasp why, when connecting with 'ssh -Y' to this test host, I am not tickling the verbose() call below that I have added. I am logging as auth + verbose in sshd_config The X11 forward for the session works fine as tested with xterm. At any rate, I am looking for some guidance on where to log X11 forwards that are established, ideally with a username and remote
2020 Nov 18
2
Error Upgrading Schema
On Wed, 2020-11-18 at 23:12 +0000, Matthew Delfino Samba List via samba wrote: > > There is only one thing that concerns me: One of the attributes > specified in the Samba script has a parameter whose value directly > contradicts the value specified in my old ldif file: > Well done with the analysis! > > In Samba script: > > dn:
2018 Oct 31
2
Pair ADFS with samba: possible?
hi all, is it feasible to setup a ADFS server paired with a samba AD DC? Are there ADFS requirements (versions not older than ..., not newer than ...) if the samba AD DC is samba-4.9.1? I tried to match a Windows Server 2016 ADFS v3 with a samba-4.9.1 AD DC. The web form authentication allow a user to insert username and password, the ADFS correctly recognizes wrong password, but when password
2019 Oct 11
1
Samba "pass" authentication to OpenID or SAML (external)
thanks, I believe I will need to do an Adfs for this kind of authentication. I found nothing in documented about federation service, is it possible to do samba? Thiago Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org> escreveu: > On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba > wrote: > > Hello everyone, > > I received a
2020 Sep 29
0
Schema version 87 and windows Hello
Hi Mason, I am not that experiences about it^^ I think that one first step would be to strip the registration (key trust on my side), and once that would have been done submit the results to the samba team and see if it is worth funding/implementing. As I am not part of the samba team I cannot say more. Vincent On 9/29/20 6:59 PM, Mason Schmitt wrote: > Hi Vincent, > > it does
2019 Jan 22
3
Changing the imaps port #
Dovecot 2.3.4, FreeBSD 11.2 Due to comcast buisness ISP intercepting imaps I need to have my clients connect to non-standard port (9999). Previously I had been using stunnel to receive the imaps connection and forward it to the imap port over 127.0.0.1. But I would like to retire stunnel and have my imap clients connect remotely. I have configured the imap-login service - service imap-login {
2019 Jan 22
3
Changing the imaps port #
Yes, I am pretty sure about that. I originally was connected via AT&T DSL but wanted the fast access of cable modem. I need permanent IPs which required me to contract with Comcast buisness. Once I switched over, I was no longer able to access my imap server, which was as I mentioned, stunnel listening on the imaps port and forwarding to dovecot listening on the imap port. I was getting