[Samba] Replace completely an AD PKI authentication with Samba ?

Andrew Bartlett abartlet at samba.org
Sun Mar 15 07:38:29 UTC 2020

On Sat, 2020-03-14 at 19:52 +0100, Lionel Monchecourt via samba wrote:
> Hi, 
> I'm currently using an AD with PKI/certificate authentication ( some of my
> users are even using smartcards ).
> Could I replace my Microsoft AD & certificates with a pure Samba solution ?
> any tricks, non features I should know ? 


> If so , do you know any docker image maybe that I could start with to do my
> test ? ( or some VM ? ) 

Yes, it is known to work, but do see 

Long term, what I would prefer is to store the user certificate in the
directory (as modern Windows AD versions can), rather than by signing
with PKI, but this would require development work.


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list