[Samba] Authenticating to samba LDAP using a TLS cert?

Norbert Hanke norbert.hanke at gmx.ch
Fri Jan 3 15:40:55 UTC 2025


That is known as PKINIT for Kerberos and according to
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login it should work.

In the Windows world it's usually with users having a Smartcard holding
key and certificate, but protocol-wise it should work with any client
certificate having the correct attributes that allow mapping the
certificate to a Windows user.

I never tried it in my own Samba-based infrastructure but the company I
worked for used it big-scale with Smartcards and Windows DCs.

Regards,
Norbert

On 1/3/2025 2:05 PM, Michael Tokarev via samba wrote:
> Hi!
>
> Is it possible to authenticate to samba-provided LDAP service using
> a TLS certificate, instead of using a username (actually a DN) and
> a password?
>
> Thanks,
>
> /mjt
>


