[Samba] Samba 4 & Smart card logon

Charalampos Anargyrou charalampos.anargyrou at gmail.com
Mon Jul 2 08:24:29 MDT 2012

Hello list,

I have installed and configured a domain with Samba version 
4.0.0beta2-GIT-7e80b89 on a CentOS 6.2

I can successfully join a Windows PC in the domain (both Windows XP and 
Windows 7 tested)

Now, I am trying to move a step forward and I would like to configure 
Samba to accept Windows smart card logon
This is a requirement for a project I am involved to

I have already installed the required client on Windows and I have a 
smart card for testing
I have already installed EJBCA as my CA on CentOS 6.2

On Samba wiki the how to in 
http://wiki.samba.org/index.php/Samba4/Smart_Card_Login is not ready, so 
if anyone can help I will appreciate it
According to the headers in the how to, I have to configure Heimdal to 
accept PKINIT
I found a guide on 
I've also found a guide on 
http://k5wiki.kerberos.org/wiki/Pkinit_configuration for MIT Kerberos 
which has some more info on the certificates

I have created the Kerberos certificate according to what I have 
understood from the guides but I don't know how to test if the 
certificate is correct
So, my first question is how to test if the Kerberos certificate is correct?
Second question is when I create a client certificate (I think I 
understood from the guides how to create) how I will test it?
Will a kinit command like "kinit -C FILE:$HOME/clientcert.crt 
example-user at EXAMPLE-DOMAIN" be enough to test the client certificate?

And a final question (for now) is if there is any kind of documentation 
related to "Configure Samba4 to know about the certificate" and where I 
can find it?

Kind Regards,

More information about the samba mailing list