[Samba] Samba AD Smart Card Login

Olivier BILHAUT obilhaut at fondation-misericorde.fr
Mon Jul 12 15:43:03 UTC 2021


Hi Samba users!

Working in healthcare, our medical users have a personal smart card
given by authorities.

My goal is to manage a central authentication method based on Smart Card
and our existing Samba4. I would love to use Samba4 as DC and PKI server
to authenticate our users with this smart card.

I worked hard with this doc:
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

but failed when the CA needs to issue the certificate.

I guess that errors are about extra oids, and/or the section added as
"subjectAltName".

Do you think that there is a straightforward way to implement this kind
of configuration? Maybe a fresher doc?

For the most technical of you, our OpenSSL version is 1.1.1d on
Debian 10 and here is the output:


Error Loading extension section usr_cert_mskdc
140201503388800:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=email_in_dn
140201503388800:error:0E06D06C:configuration file routines:NCONF_get_string:no value:../crypto/conf/conf_lib.c:273:group=CA_default name=rand_serial
140201503388800:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:../crypto/asn1/a_object.c:73:
140201503388800:error:2206706E:X509 V3 routines:v2i_EXTENDED_KEY_USAGE:invalid object identifier:../crypto/x509v3/v3_extku.c:96:section:<NULL>,name:msKDC,value:<NULL>
140201503388800:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=extendedKeyUsage, value=clientAuth, serverAuth, msKDC

Thanks a lot and long life to this list.

--

OB 
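
The last three errors in the output above say that OpenSSL could not turn the name msKDC in extendedKeyUsage into an object identifier. The following check is an added example, not part of the original post or of the Samba wiki: it flags EKU names in an OpenSSL config that are neither built-in short names, dotted OIDs, nor defined in the section named by a top-level oid_section. The function names, the partial built-in list and both sample configs are constructed assumptions; 1.3.6.1.5.2.3.5 is the PKINIT KDC key purpose from RFC 4556.

```python
import re

# Partial list of EKU short names OpenSSL resolves without extra config (subset, assumption).
BUILTIN_EKU = {"serverAuth", "clientAuth", "codeSigning",
               "emailProtection", "timeStamping", "OCSPSigning"}
DOTTED_OID = re.compile(r"^[0-2](\.\d+)+$")

def parse_conf(text):
    """Minimal openssl.cnf reader: {section: {key: value}}; '' is the unnamed default section."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"^\[\s*(\S+)\s*\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def unresolved_eku(text):
    """Return {section: [names]} for extendedKeyUsage names with no OID mapping."""
    conf = parse_conf(text)
    # The openssl command-line apps look up oid_section in the default section only.
    oid_sect = conf[""].get("oid_section")
    known = BUILTIN_EKU | (set(conf.get(oid_sect, {})) if oid_sect else set())
    bad = {}
    for name, entries in conf.items():
        names = [n.strip() for n in entries.get("extendedKeyUsage", "").split(",")]
        missing = [n for n in names if n and n != "critical"
                   and n not in known and not DOTTED_OID.match(n)]
        if missing:
            bad[name] = missing
    return bad

# Constructed sample: oid_section sits inside a named section, so it is never read.
BROKEN = """[ CA_default ]
oid_section = new_oids
[ new_oids ]
msKDC = 1.3.6.1.5.2.3.5
[ usr_cert_mskdc ]
extendedKeyUsage = clientAuth, serverAuth, msKDC
"""
# Same config with oid_section moved above the first section header.
FIXED = "oid_section = new_oids\n" + BROKEN.replace("oid_section = new_oids\n", "")

if __name__ == "__main__":
    print("broken:", unresolved_eku(BROKEN))
    print("fixed: ", unresolved_eku(FIXED))
```

A name reported by this check is one OpenSSL would try to parse as a numeric OID, which is where "first num too large" comes from when the name starts with a letter.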

