[Samba] Samba 4 AD SmartCard Authentication Problem

Hans Schulze h.schulze at labor-ostsachsen.de
Thu Jul 20 09:05:40 UTC 2023

Confusing. Github says that is open. Ok. My mistake.

The question remains why the Windows clients allow login for an expired 
certificate despite a correctly loaded CRL. What is the purpose of 
specifying the CRL in smb.conf?

It seems to me that the smartcard login is not really reliable. Then my 
users still have to log in with password. For now, as long as 4.19 is 
not yet released.

Hans Schulze

Tel: 	+49 3581 66931-41
Fax: 	+49 3581 66931-281
Mail: 	h.schulze at labor-ostsachsen.de

Medizinisches Labor Ostsachsen MVZ GbR
Nebenbetriebsstätte Görlitz
Cottbuser Straße 11
D-02826 Görlitz
www.labor-ostsachsen.de <https://www.labor-ostsachsen.de>

Die Hauptbetriebsstätte der Medizinisches Labor Ostsachsen MVZ GbR 
befindet sich in der Flinzstraße 1 in 02625 Bautzen. Die Medizinisches 
Labor Ostsachsen MVZ GbR wird vertreten durch die Gesellschafter Prof. 
Dr. med. habil. Thomas Luther, Dr. med. Niclaas Bliesener, Dr. med. 
Claudia Friedrichs, Dr. med. Anja Gruss, Dr. med. Gilda Gudacker, Dr. 
med univ. Christine Hofer, Thomas Kirchner und PD Dr. med. habil. Peter 

Sollten Sie nicht der vorgesehene Empfänger sein, würden wir Sie darum 
bitten, dies dem Absender zu melden und darauf zu verzichten, Inhalte 
der Mail weiter zu veröffentlichen.
Am 20.07.2023 um 10:47 schrieb Rowland Penny via samba:
> On 20/07/2023 09:37, Hans Schulze via samba wrote:
>> I found an old bugzilla report for this behavior:
>> https://bugzilla.samba.org/show_bug.cgi?id=9612
>> According to the statements in it, there was a patch already in 
>> version 4.16 and in heimdal 8 last year? Which option must be in the 
>> krb5.conf?
> Sorry, but I read it slightly differently, there was a patch 
> available, but it wasn't integrated into 4.16, but it has now been 
> added to samba master, so it should be in 4.19.0
> Rowland

More information about the samba mailing list