[Samba] Revocation with CRL doesn't work for smartcards
Peter L
plings1967 at gmail.com
Thu Sep 21 11:01:12 UTC 2017
Hi,
I have a smartcard which is revoked in the Certificate Revocation List
(CRL) but I can still log in. Seems like the CRL check is not performed. Any
known bug around this?
Server setup:
- Samba 4.4 on Debian as AD DC
- Created domain MYDOM
- smb.conf (extract):
tls enabled = yes
tls crlfile = tls/mycrl.pem (default is to look under private/ folder)
Client setup:
- Windows 7 machine as client
- Joined to the MYDOM domain
- Login ok with both username/password and smartcards
Smart card:
- Principal name test123 at mydom.com (extended attribute)
- Certificate with serial number 0x12ab
CRL:
- In file system: ..../private/tls/mycrl.pem
- Contains serial number 0x12ab