Displaying 20 results from an estimated 2000 matches similar to: "Schema version 87 and windows Hello"
2020 Sep 26
4
Schema version 87 and windows Hello
Hi Andrew,
I'm very interested in using Windows Hello for Business in small business
environments, with Samba as the AD DC.
I'm sorry that I don't have great news. The schema upgrade is the easy
> part - we could do that by obtaining new schema from Microsoft:
>
> https://www.microsoft.com/en-nz/download/confirmation.aspx?id=23782
> (and yes, the licence terms are
2020 Sep 11
1
Schema version 87 and windows Hello
Hi,
thank you for your answer :)
ohhh that is new I thought that samba 4 was to this day incompatible
with a schema update >= v67 (it is I think somewhere it is written in
the documentation that the reason why windows > 2016 can't be used as
domain controller is partly due to the schema that is what bothered me))
I already have set up an ADFS (win 2016) (works with heimdal krb
2020 Sep 11
0
Schema version 87 and windows Hello
On Sat, 2020-09-05 at 12:31 +0200, mailist via samba wrote:
> Hi all,
>
> I would like to set up windows Hello (in the sense user and
> management
> are pressuring me) but for both option the schema would need to be at
> least 87 (windows 2016). I looked on the roadmap, bugzilla but
> couldn't
> find anything regarding this topic. Would you know when this version
>
2020 Sep 28
0
Schema version 87 and windows Hello
Hi Mason,
On 9/26/20 9:34 AM, Mason Schmitt via samba wrote:
> Hi Andrew,
>
> I'm very interested in using Windows Hello for Business in small business
> environments, with Samba as the AD DC.
>
good luck I got it kind of working with :1 samba DC, 1 windows 2012 DC,
1 windows 2016 ADFS
>
> I'm sorry that I don't have great news. The schema upgrade is the easy
2020 Sep 28
1
Schema version 87 and windows Hello
> > Is this all that would be required to enable a deployment based upon a
> > traditional PKI?
> >
> If you are using windows yes, if not then you would need to find a way
> to replace the EDRS (there is a good doc about it here
>
> https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning
> )
>
2020 Sep 29
2
Schema version 87 and windows Hello
> I am not that experiences about it^^
> I think that one first step would be to strip the registration (key
> trust on my side), and once that would have been done submit the results
> to the samba team and see if it is worth funding/implementing.
> As I am not part of the samba team I cannot say more.
>
It sounds like you're suggesting that you're going to strictly
2020 Sep 30
0
Schema version 87 and windows Hello
I setup a test environment comporting of a windows 2016 evaluation
server and a windows 10 eval too so you can tag along.
Concerning the provisioning for key trust it looks like the Enterprise
Device Registration Service is the one doing most of the work, since
there are litte if no documentation about it, I prefer on my side to
focus on the day to day auth flow.
It looks like the easiest to
2020 Nov 20
3
Error Upgrading Schema
On 20/11/2020 02:13, Matthew Delfino Samba List wrote:
> Thank you, Andrew!
>
> This evening I attempted the upgrade. I first carefully commented out each of the attributes from the Schema-Updates.md file. I then saved the file and ran the following command, which gave me the subsequent output:
>
> (as root)
>
> # samba-tool domain schemaupgrade
> Temporarily
2020 Nov 20
1
Error Upgrading Schema
On 20/11/2020 15:46, Matthew Delfino Samba List wrote:
> Rowland,
>
> I had the same thought. When I do that and try again, I get this message:
>
> # samba-tool domain schemaupgrade
> Temporarily overriding 'dsdb:schema update allowed' setting
> Patched Sch49.ldf using /usr/share/samba/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
> Exception in patch:
2016 Jun 01
2
ADFS support?
Hi,
Is it possible to query an Exchange server for its user list via ADFS
using samba?
I'm interested in integrating this support with postfix on my fedora
system instead of having to maintain the list in Exchange and the list
as a map in postfix.
I really don't know much about Exchange and whether/how this would
work. Is it secure?
Is LDAPS an alternative? Is it secure?
Thanks,
Alex
2024 May 31
1
Place of functional levels in Samba4 roadmap
Hi Samba list,
As you know, security is currently the buzzword for
most critical organizations. Active Directory implementations are an
important node of all the security chain.
French security agency,
called ANSSI release a tool to audit Active Directory implementations,
called ORADAD : https://github.com/ANSSI-FR/ORADAD/releases
This tool
retrieves all configuration from your AD, and make
2020 Nov 11
2
Error Upgrading Schema
On 10/11/2020 22:47, Matthew Delfino Samba List via samba wrote:
> Andrew,
>
> I feel that it is your prerogative to determine how many odd possibilities you want your tools to account for, so that they might know what to do rather than exit with an error. You have a better sense for how likely it is that someone in the wild is altering their schema and might have changed an already
2020 Sep 02
2
schemaupgrade
Hello:
I need to update the samba schema when I run the command: samba-tool domain schemaupgrade
I have this error:
Temporarily overriding 'dsdb:schema update allowed' setting
Patched Sch49.ldf using /usr/local/samba/share/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
Patched Sch50.ldf using /usr/local/samba/share/setup/adprep/WindowsServerDocs/Sch50.ldf.diff
Patched Sch51.ldf using
2009 Feb 05
2
Coding help : Where to log X11 forwards?
OpenSSH 5.1p1
I can't grasp why, when connecting with 'ssh -Y' to this
test host, I am not tickling the verbose() call below that
I have added.
I am logging as auth + verbose in sshd_config
The X11 forward for the session works fine as tested with
xterm.
At any rate, I am looking for some guidance on where
to log X11 forwards that are established, ideally with
a username and remote
2020 Nov 18
2
Error Upgrading Schema
On Wed, 2020-11-18 at 23:12 +0000, Matthew Delfino Samba List via samba
wrote:
>
> There is only one thing that concerns me: One of the attributes
> specified in the Samba script has a parameter whose value directly
> contradicts the value specified in my old ldif file:
>
Well done with the analysis!
>
> In Samba script:
>
> dn:
2018 Oct 31
2
Pair ADFS with samba: possible?
hi all,
is it feasible to setup a ADFS server paired with a samba AD DC?
Are there ADFS requirements (versions not older than ..., not newer than
...) if the samba AD DC is samba-4.9.1?
I tried to match a Windows Server 2016 ADFS v3 with a samba-4.9.1 AD DC.
The web form authentication allow a user to insert username and
password, the ADFS correctly recognizes wrong password, but when
password
2019 Oct 11
1
Samba "pass" authentication to OpenID or SAML (external)
thanks,
I believe I will need to do an Adfs for this kind of authentication. I
found nothing in documented about federation service, is it possible
to do samba?
Thiago
Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org>
escreveu:
> On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba
> wrote:
> > Hello everyone,
> > I received a
2020 Sep 29
0
Schema version 87 and windows Hello
Hi Mason,
I am not that experiences about it^^
I think that one first step would be to strip the registration (key
trust on my side), and once that would have been done submit the results
to the samba team and see if it is worth funding/implementing.
As I am not part of the samba team I cannot say more.
Vincent
On 9/29/20 6:59 PM, Mason Schmitt wrote:
> Hi Vincent,
>
> it does
2019 Jan 22
3
Changing the imaps port #
Dovecot 2.3.4, FreeBSD 11.2
Due to comcast buisness ISP intercepting imaps I need to have my clients
connect to non-standard port (9999). Previously I had been using stunnel
to receive the imaps connection and forward it to the imap port over
127.0.0.1. But I would like to retire stunnel and have my imap clients
connect remotely.
I have configured the imap-login service -
service imap-login {
2019 Jan 22
3
Changing the imaps port #
Yes, I am pretty sure about that. I originally was connected via AT&T DSL
but wanted the fast access of cable modem. I need permanent IPs which
required me to contract with Comcast buisness. Once I switched over, I was
no longer able to access my imap server, which was as I mentioned, stunnel
listening on the imaps port and forwarding to dovecot listening on the imap
port.
I was getting