[Samba] Replace completely an AD PKI authentication with Samba ?

Lionel Monchecourt lionel.monchecourt at free.fr
Sun Mar 15 16:38:51 UTC 2020

Hi Andrew,
Thanks a lot for your answer.
I found the wiki page but I was wondering how reliable is  the solution
I'm not so worried with the bug of the revoked certificate, but it is good to know , 
I will store with the certificate outside for now ... 
Thanks a lot , 
Have a good WE 

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: 15 March 2020 08:38
To: Lionel Monchecourt; samba at lists.samba.org
Subject: Re: [Samba] Replace completely an AD PKI authentication with Samba ?

On Sat, 2020-03-14 at 19:52 +0100, Lionel Monchecourt via samba wrote:
> Hi, 
> I'm currently using an AD with PKI/certificate authentication ( some of my
> users are even using smartcards ).
> Could I replace my Microsoft AD & certificates with a pure Samba solution ?
> any tricks, non features I should know ? 


> If so , do you know any docker image maybe that I could start with to do my
> test ? ( or some VM ? ) 

Yes, it is known to work, but do see 

Long term, what I would prefer is to store the user certificate in the
directory (as modern Windows AD versions can), rather than by signing
with PKI, but this would require development work.


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

This email has been checked for viruses by Avast antivirus software.

More information about the samba mailing list