[Samba] Samba 4 AD SmartCard Authentication Problem
Hans Schulze
h.schulze at labor-ostsachsen.de
Thu Jul 20 09:13:23 UTC 2023
Big Fail. I should drink more coffee.
Am 20.07.2023 um 11:05 schrieb Hans Schulze via samba:
> Confusing. Github says that is open. Ok. My mistake.
>
> The question remains why the Windows clients allow login for an
> expired certificate despite a correctly loaded CRL. What is the
> purpose of specifying the CRL in smb.conf?
>
> It seems to me that the smartcard login is not really reliable. Then
> my users still have to log in with password. For now, as long as 4.19
> is not yet released.
>
> Hans Schulze
> EDV
>
> Tel: +49 3581 66931-41
> Fax: +49 3581 66931-281
> Mail: h.schulze at labor-ostsachsen.de
>
>
> Medizinisches Labor Ostsachsen MVZ GbR
> Nebenbetriebsstätte Görlitz
> Cottbuser Straße 11
> D-02826 Görlitz
> www.labor-ostsachsen.de <https://www.labor-ostsachsen.de>
>
> Die Hauptbetriebsstätte der Medizinisches Labor Ostsachsen MVZ GbR
> befindet sich in der Flinzstraße 1 in 02625 Bautzen. Die Medizinisches
> Labor Ostsachsen MVZ GbR wird vertreten durch die Gesellschafter Prof.
> Dr. med. habil. Thomas Luther, Dr. med. Niclaas Bliesener, Dr. med.
> Claudia Friedrichs, Dr. med. Anja Gruss, Dr. med. Gilda Gudacker, Dr.
> med univ. Christine Hofer, Thomas Kirchner und PD Dr. med. habil.
> Peter Reichardt.
>
> Sollten Sie nicht der vorgesehene Empfänger sein, würden wir Sie darum
> bitten, dies dem Absender zu melden und darauf zu verzichten, Inhalte
> der Mail weiter zu veröffentlichen.
> Am 20.07.2023 um 10:47 schrieb Rowland Penny via samba:
>>
>>
>> On 20/07/2023 09:37, Hans Schulze via samba wrote:
>>> I found an old bugzilla report for this behavior:
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=9612
>>>
>>> According to the statements in it, there was a patch already in
>>> version 4.16 and in heimdal 8 last year? Which option must be in the
>>> krb5.conf?
>>
>> Sorry, but I read it slightly differently, there was a patch
>> available, but it wasn't integrated into 4.16, but it has now been
>> added to samba master, so it should be in 4.19.0
>>
>> Rowland
>>
More information about the samba
mailing list