Web lists-archives.com

[Samba] Revocation with CRL doesn't work for smartcards




Hi,
I have a smartcard which is revoked in the Certificate Revocation List
(CRL) but I can still login. Seams like the CRL check is not performed. Any
known bug around this?

Server setup:
- Samba 4.4 on Debian as AD DC
- Created domain MYDOM
- smb.conf (extract):
    tls enabled = yes
    tls crlfile = tls/mycrl.pem (default is to look under private/ folder)

Client setup:
- Windows 7 machine as client
- Joined to the MYDOM domain
- Login ok with both username/password and smartcards

Smart card:
- Principal name test123@xxxxxxxxx (extended attribute)
- Certificate with serial number 0x12ab

CRL:
- In file system: ..../private/tls/mycrl.pem
- Contains serial number 0x12ab
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba