[Samba] Schema version 87 and windows Hello

Mason Schmitt mason at ftlcomputing.com
Wed Sep 30 19:40:57 UTC 2020

On Wed, 30 Sep 2020 at 03:20, mailist <mailist at kaminot.xyz> wrote:

> I setup a test environment comporting of a windows 2016 evaluation
> server and a windows 10 eval too so you can tag along.

Thanks Vincent.

Concerning the provisioning for key trust it looks like the  Enterprise
> Device Registration Service is the one doing most of the work, since
> there are litte if no documentation about it, I prefer on my side to
> focus on the day to day auth flow.

Makes sense to me.

It looks like the easiest to implement would be the certificate trust
> (
> https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning
> )

Yes, if you already have a CA, this looks to be the path that will have the
least amount of Samba development required.  The key based auth would
require less infrastructure (no need for a CA), but then it would require
more changes to Samba.

> And it is probably very similar to a smart key process (if you can believe
> that the
> https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication
> is true)

That was my impression as well.


More information about the samba mailing list