[Samba] Replace completely an AD PKI authentication with Samba ?
lionel.monchecourt at free.fr
Sun Mar 15 16:38:51 UTC 2020
Thanks a lot for your answer.
I found the wiki page but I was wondering how reliable is the solution
I'm not so worried with the bug of the revoked certificate, but it is good to know ,
I will store with the certificate outside for now ...
Thanks a lot ,
Have a good WE
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: 15 March 2020 08:38
To: Lionel Monchecourt; samba at lists.samba.org
Subject: Re: [Samba] Replace completely an AD PKI authentication with Samba ?
On Sat, 2020-03-14 at 19:52 +0100, Lionel Monchecourt via samba wrote:
> I'm currently using an AD with PKI/certificate authentication ( some of my
> users are even using smartcards ).
> Could I replace my Microsoft AD & certificates with a pure Samba solution ?
> any tricks, non features I should know ?
> If so , do you know any docker image maybe that I could start with to do my
> test ? ( or some VM ? )
Yes, it is known to work, but do see
Long term, what I would prefer is to store the user certificate in the
directory (as modern Windows AD versions can), rather than by signing
with PKI, but this would require development work.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
This email has been checked for viruses by Avast antivirus software.
More information about the samba