[Samba] Smart card logon

[Andrew Bartlett]

On Thu, 2008-02-21 at 08:48 +0100, Asier Baranguán wrote:
> Andrew Bartlett escribió:
> 
> >> It's one task of my daily work. I've deployed smartcard logons in several customer 
> >> scenarios, with Windows 2003 Enterprise domains using n-level certification autorities, 
> >> using Microsoft CA Certificate Services and externally trusted certification authorities. 
> >> Some clients have Linux-based servers and workstations. Making smartcard logon work in 
> >> this systems would be very, very appreciated.
> > 
> > OK, I wasn't particularly looking at the client end, but this has been
> > known to work.  The group I'm part of at Red Hat demo'ed this working
> > while showing off using Red Hat certificate system. 
> 
> What were you looking for? server side? I mean, integration in server side between a CA 
> and the server?

Quite simply:  What do I have to do to make a WinXP client accept a
smartcard for login, when in a Samba4 domain.  

I have a CA and tokens, but not much knowledge on how to use them... (I
have access to Red Hat's proprietary product & token, as well as an
Aladdin token and software).

> > I can help you with this, and perhaps you can help me making Samba4 as a
> > server and KDC support this, for windows clients.
> 
> That would be great, I'm very interested in this setup.

I'll see what I can find out for you, but have you tried out Fedora 8's
smartcard integration?  With the right pcsc drivers loaded, it should
mostly be a matter of configuration with system-config-auth.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080221/99ad2676/attachment.bin