Mcrosoft PKI+Samba AD

p3030128 · 04-07-2015, 03:42 AM

Hello to all,

Have you ever tried to build Samba as Active directory domain controller in order to install Active Directory Certificate Services???

The purpose is to have an enterprise ca with samba ad instead of common microsoft active directory.

The only thing i didn't manage to fix is a smart card logon certificate in order user to login with theirs smart cards.

Any help would be appreciated!

Thank you in advance,

IP

TB0ne · 04-07-2015, 09:50 AM

Quote:

Originally Posted by p3030128

Hello to all,
Have you ever tried to build Samba as Active directory domain controller in order to install Active Directory Certificate Services??? The purpose is to have an enterprise ca with samba ad instead of common microsoft active directory. The only thing i didn't manage to fix is a smart card logon certificate in order user to login with theirs smart cards.

Smart card integration is covered in the Samba documentation. Did you look there?
https://wiki.samba.org/index.php/Sam...art_Card_Login

Also, certificate/kerberos integration is also documented:
https://access.redhat.com/documentat.../windbind.html
https://jimshaver.net/2014/07/13/set...-ubuntu-14-04/

p3030128 · 04-07-2015, 10:01 AM

Yes, i've already checked them!
Especially on the first url it says that i had to enable tls on smb.conf and replace the certificates with those i've published from my microsoft pki (domain+rootca certificates) on the krb5.conf.

When i enable tls there is no communication with the domain from my windows 7 clients(registry is already configured for tls 1.1 and tls 1.2).

Any thoughts?