Talk:Samba AD Smart Card Login

From SambaWiki
Revision as of 14:10, 17 December 2022 by Mjt

multiple domain controllers

There can (and actually should) be multiple domain controllers. It isn't clear what to do in this case, which GUID to use. The controllers are interchangeable, and the "primary" DC can be demoted and even removed. Should this be a domain GUID, not the domain controller GUID maybe?

expiration time

The HOWTO suggests setting a 20-year expiration time for the Root CA; the example requests 10 years (3650 days).


userPrincipalName

It turned out that users in our domain do not have userPrincipalName attributes to begin with. And in the AD "Users and Computers" configuration in Windows 10, on the "Attribute Editor" page, there's no way to insert an attribute. I had to add UPNs manually using the samba-tool user edit command.