PeterL's picture

I'm trying to add a user with smartcard to samba4. That is, the user shall use smartcard/pin for login instead of username/password. This is accomplished by (among lots of other things) adding the user's certificate to the samba db. The parameter to add is 'userCertificate;binary'.

However, I cannot add the certificate parameter because "userCertificate does not exists in the schema", according to the error message.

I use ldapmodify basically as this example https://docs.oracle.com/cd/E19424-01/820-4809/6ng8g5576/index.html

The thing is, when I create a user in the system, he/she always gets some objectClass parameters which I haven't asked for. For instance 'Person', 'organizationalPerson' etc. These objectClasses do not have 'userCertificate' as a possible parameter. But objectClass 'inetOrgPerson' has 'userCertificate'. So I added that class ('inetOrgPerson') to my user, but no luck. Still 'userCertificate does not exists in the schema'.

What to do?

Environment: server: debian, client: debian

Jeremy Davis's picture

We are Debian based and do provide a Samba4 appliance (Domain Controller) but we are far from Samba4 experts. You might be lucky, but I doubt anyone in our community will be able to help you out. AFAIK Samba have a mailing list and I suggest that that's probably your best bet.

Or if you think it's a bug in the Debian package, then probably lodge a bug report with Debian.

Good luck.

PeterL's picture

[solved]

It turns out that Samba doesn't need the 'binary' extension on the 'userCertificate' attribute. In fact, Samba really DOESN'T WANT it! But when I specify 'userCertificate' without 'binary', Samba is happy and adds the attribute.

Obviously Samba figures out by itself that the parameter is in binary format...
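
The fix described above, as an added example that is not part of the original post: a Python helper that builds the LDIF record for ldapmodify with the attribute named `userCertificate` (the `;binary` option stripped) and the DER certificate base64-encoded after `::`. The DN and the sample bytes are constructed placeholders, the function names are hypothetical, and the DN is assumed to be plain ASCII.

```python
import base64
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"

def to_der(cert):
    """Accept a PEM string/bytes or raw DER bytes; return DER bytes."""
    if isinstance(cert, bytes) and not cert.lstrip().startswith(PEM_HEADER.encode()):
        return cert  # already DER
    if isinstance(cert, bytes):
        cert = cert.decode("ascii")
    return ssl.PEM_cert_to_DER_cert(cert.strip())

def samba_attr(name):
    """Drop the ';binary' option, which Samba rejected in this thread."""
    base, *options = name.split(";")
    kept = [o for o in options if o.lower() != "binary"]
    return ";".join([base] + kept)

def fold(line, width=76):
    """Fold a long LDIF line (RFC 2849): continuation lines start with one space."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def cert_ldif(dn, cert, attr="userCertificate;binary"):
    """Build an ldapmodify record that adds the certificate to the entry `dn`."""
    name = samba_attr(attr)
    # '::' tells the LDIF reader that the value is base64-encoded.
    b64 = base64.b64encode(to_der(cert)).decode("ascii")
    lines = [f"dn: {dn}", "changetype: modify", f"add: {name}",
             fold(f"{name}:: {b64}"), "-", ""]
    return "\n".join(lines)

# Constructed placeholder bytes, not a real certificate; the DN is hypothetical.
SAMPLE_DER = bytes(range(200))
SAMPLE_DN = "CN=alice,CN=Users,DC=example,DC=com"

if __name__ == "__main__":
    print(cert_ldif(SAMPLE_DN, SAMPLE_DER))
```

The printed record can be saved to a file and passed to ldapmodify in the same way as the LDIF in the linked example.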

Jeremy Davis's picture

Thanks for posting back with a solution. :)
