[Samba] Samba4 ADDC /w Windows SC login

Restemayer chris_restemayer at restemayerdds.com
Wed Aug 17 15:27:22 UTC 2016


I'm setting up a small dental office with smartcard authentication for their
computers for convenience, security, and to meet HIPAA requirements for
tracking logins.  I'm using a Samba Active Directory setup because at this
point, spending $1000 on a copy of the latest Windows Server isn't an
option.  I am currently on my 4th attempt at it.  Previously, I was
compiling it from source on Ubuntu, but for this next attempt I'm going with
a Univention VMware image instead to hopefully make it go a little faster.
 
So, basically, every time, the Active Directory system seems to work fine. 
The domain exists, I can log into it, and can access it through RSAT... at
least for those functions that exist in a Samba setup, anyway.  Where I'm
running into a roadblock is with the certificates.  I've set up my own CA,
been slogging through this
(https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login) verbatim (other
than changing the necessary stuff to make it for my domain, obviously)...
and when I go to log in, it doesn't work.  The best I can tell, it recognizes
the certificate I've put on the card, it recognizes the root CA certificate,
but it can't find the DC certificate.  That is what certutil -dcinfo kicks
back anyway: "KDC Certificate not found".  I've tried publishing the DC
certificate.  I've tried manually putting it into the enterprise stores. 
I've tried putting it into the group policy system.  I've tried fiddling
with the auto-enrollment system (turning it on... turning it off).  Nothing
works.  I am completely out of ideas here.
 
Any thoughts?


