Hi Dochelp,
I'm trying to get CEP/CES (Certificate Auto Enrollment) with Samba working against Windows 2025. The last time [1] I had issues with CEP and we debugged it and I was to fix it. This time I'm struggling with CES trying to request a user certificate. Looking at the IIS logs I can see that I successfully talked to CEP, but I'm not able to talk to CES. 2025-12-03 15:20:33 192.168.56.193 POST /ADPolicyProvider_CEP_Kerberos/ service.svc/CEP - 443 - 192.168.56.247 python-requests/2.32.5 - 401 2 5 149 2025-12-03 15:20:33 192.168.56.193 POST /ADPolicyProvider_CEP_Kerberos/ service.svc/CEP - 443 MARS\alice 192.168.56.247 python-requests/2.32.5 - 200 0 0 186 2025-12-03 15:20:33 192.168.56.193 POST /MARS-ROOT-CA_CES_Kerberos/ service.svc/CES - 443 - 192.168.56.247 python-requests/2.32.5 - 401 2 5 135 2025-12-03 15:20:33 192.168.56.193 POST /MARS-ROOT-CA_CES_Kerberos/ service.svc/CES - 443 - 192.168.56.247 python-requests/2.32.5 - 401 1 2148074254 5 2025-12-03 15:20:33 192.168.56.193 POST /MARS-ROOT-CA_CES_Kerberos/ service.svc/CES - 443 - 192.168.56.247 python-requests/2.32.5 - 401 1 2148074254 0 Sadly I don't see why exactly it gives Unauthorized. I'm happy to create a TTrace to figure out why what exactly fails. That often helps to fix the issue :-) My setup is described here: https://github.com/openSUSE/cepces/blob/master/doc/TESTING_SETUP.md Looking forward to hear from you. Best regards Andreas [1] https://lists.samba.org/archive/cifs-protocol/2025-July/004500.html -- Andreas Schneider [email protected] Samba Team www.samba.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
