[Samba] Your advices regarding authentication methods compatible with S4
Olivier BILHAUT
obilhaut at fondation-misericorde.fr
Mon Mar 19 11:01:12 UTC 2018
Hi Andrew, Hi Sam,
Many thanks for your quick replies. We already worked on this doc page, but due to the lack of a smart card reader/writer, we did not finish the setup. We'll buy some hardware and create a testing S4 lab to finish this config.
What about biometry? Is there a way to store any biometrical information in the LDAP backend?
Is there by any chance any other third-party authentication method/tool that we can plug into S4? We would be pleased to avoid using another smart card if possible.
Cheers.
--
Olivier B
On 2018-03-19 04:36, Andrew Bartlett wrote:
> On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote:
>
>> Hi, Maybe this page might be helpful. I don't know how up to date it is,
>> but the expectation seems to be that it should be able to work with
>> alternative forms of authentication (with Kerberos PKINIT).
>> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login [1]
>
> Yeah, I think something that presents as smart card login is likely to
> be the best bet. Smart cards are a pain, but could certainly help with
> the speed (compared with long complex passwords).
>
> The PKINIT stuff is meant to work, certainly worth a play in the lab.
> The main thing I would want to check on is revocation of the
> certificates (for when a badge is lost/stolen). We may need to work
> on that to use some kind of online check or to get Heimdal to re-load
> the Certificate Revocation list if it doesn't already.
>
> Andrew Bartlett
Links:
------
[1] https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login