[Samba] Your advices regarding authentication methods compatible with S4

Olivier BILHAUT obilhaut at fondation-misericorde.fr
Mon Mar 19 11:01:12 UTC 2018


Hi Andrew, Hi Sam, 

Many thanks for your quick replies, we already
worked on this doc page but due to the lack of smart card reader/writer,
we did not finished the setup. We'll buy some hadware and create a
testing S4 lab to finish this config. 

What about biometry ? Is there a
way to store any biometrical information into the ldap backend ? 

there by any chance any other third-party authentication method/tool
that we can plug on S4 ? We would be pleased to avoid using another
smart card if possible. 



Olivier B

Le 2018-03-19 04:36,
Andrew Bartlett a écrit : 

> On Mon, 2018-03-19 at 11:55 +1300, Garming
Sam via samba wrote:
>> Hi, Maybe this page might be helpful. I don't
know how up to date it is, but the expectation seems to be that it
should be able to work with alternative forms of authentication (with
Kerberos PKINIT).
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login [1]
Yeah, I think something that presents as smart card login is likely to
be the best bet. Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords). 
> The PKINIT stuff
is meant to work, certainly worth a play in the lab. 
> The main thing I
would want to check on is revocation of the
> certificates (for when a
badge is lost/stolen). We may need to work
> on that to use some kind of
online check or to get Heimdal to re-load
> the Certificate Revocation
list if it doesn't already. 
> Andrew Bartlett


More information about the samba mailing list