[Samba] 2FA for AD-users
Travis Wenks
travis at rosecitysolutions.com
Mon Dec 5 18:01:40 UTC 2022
We use duo and it works very well.
Have set up for multiple clients.
Travis Wenks
Rose City Solutions
travis at rosecitysolutions.com
503-821-7000
On Fri, Dec 2, 2022 at 7:32 AM Kees van Vloten via samba <
samba at lists.samba.org> wrote:
>
> On 02-12-2022 16:26, Stefan Kania via samba wrote:
> >
> >
> > Am 02.12.22 um 13:59 schrieb Stefan Kania via samba:
> >>
> >>
> >> Am 02.12.22 um 13:17 schrieb Kees van Vloten via samba:
> >>> On 02-12-2022 13:12, Stefan Kania via samba wrote:
> >>>> Hello everybody,
> >>>> I'm looking for a solution to use 2FA on a user login on a Windows
> >>>> client.
> >>>> What I want:
> >>>> Every time an AD-user is login on a windows system he must not only
> >>>> give his password but also a second factor. The second factor
> >>>> should be timebased. The way to generate the second factor can be
> >>>> the googleauthenticator via a smartphone app or any USB-device that
> >>>> can create a second factor.
> >>>> I found an article in samba-wiki but it's with win7. Is there any
> >>>> solution?
> >>>> There are some third party tools for a Windows-AD to realize 2FA
> >>>> for AD-users. Is there maybe a way to use this tools together with
> >>>> a Samba-AD. I know those tool are not Opensource and I have to pay
> >>>> for it, but this doesn't matters.
> >>>> So any solution is welcome :-)
> >>>>
> >>>
> >>> Have a look at Privacyidea.
> >>> I use it for MFA web- and openvpn-login against Samba but it has a
> >>> plugin for MFA windows login as well.
> >>>
> >>> - Kees
> >>>
> >> Thank's Kees,
> >> I looked at it, but I think you can generate a 2FA for users located
> >> in an AD to authenticate against web-application, but I can't find
> >> any hint on how to set up the Windows-authentcation. I don't need a
> >> new login-screen for Windows (what some commercial tools have) I
> >> could do the 2FA like it's possible with OpenLDAP give the username
> >> and then the password2fs combination. Protecting a web-application is
> >> no problem the problem is always the userlogin to the workstation
> >> :-(. But that's what I'm looking for.
> >>
> >>
> >>
> > I found it :-) but up to now it only shows how it works with an
> > Microsoft-AD. I contacted a company which provides solutions for
> > PrivacyIDEA if it would work with Samba-AD. Let's wait and see ;-)
> >
> You could also try the forum: https://community.privacyidea.org
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list