[Samba] Samba 4 & Smart card logon
Charalampos Anargyrou
charalampos.anargyrou at gmail.com
Mon Jul 2 08:24:29 MDT 2012
Hello list,
I have installed and configured a domain with Samba version
4.0.0beta2-GIT-7e80b89 on a CentOS 6.2
I can successfully join a Windows PC in the domain (both Windows XP and
Windows 7 tested)
Now, I am trying to move a step forward and I would like to configure
Samba to accept Windows smart card logon
This is a requirement for a project I am involved to
I have already installed the required client on Windows and I have a
smart card for testing
I have already installed EJBCA as my CA on CentOS 6.2
On Samba wiki the how to in
http://wiki.samba.org/index.php/Samba4/Smart_Card_Login is not ready, so
if anyone can help I will appreciate it
According to the headers in the how to, I have to configure Heimdal to
accept PKINIT
I found a guide on
http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html
I've also found a guide on
http://k5wiki.kerberos.org/wiki/Pkinit_configuration for MIT Kerberos
which has some more info on the certificates
I have created the Kerberos certificate according to what I have
understood from the guides but I don't know how to test if the
certificate is correct
So, my first question is how to test if the Kerberos certificate is correct?
Second question is when I create a client certificate (I think I
understood from the guides how to create) how I will test it?
Will a kinit command like "kinit -C FILE:$HOME/clientcert.crt
example-user at EXAMPLE-DOMAIN" be enough to test the client certificate?
And a final question (for now) is if there is any kind of documentation
related to "Configure Samba4 to know about the certificate" and where I
can find it?
Kind Regards,
Charalampos
More information about the samba
mailing list