Certificate services

Thomas Epperson thomas.epperson at gmail.com
Mon Feb 15 15:01:12 UTC 2021

Is this something I need to implement with code changes to samba or can I
implement this using an existing configuration (and another process to
implement the certificate services)? (Perhaps server services in smb.conf?)


On Tue, Feb 9, 2021 at 3:46 AM Denis CARDON <dcardon at tranquil.it> wrote:

> Hi Andrew and Thomas,
> Le 09/02/2021 à 09:26, Andrew Bartlett via samba-technical a écrit :
> > On Fri, 2021-02-05 at 23:03 -0500, Thomas Epperson via samba-technical
> > wrote:
> >> Hello,
> >>
> >> Have there been any efforts or are there any technical boundaries to
> >> implementing the certificate services in samba (as would be used with
> >> active directory) ? I am looking to implement it and thought adding
> >> it to
> >> samba would make sense.
> >
> > I've not looked into it but are you thinking in terms of what would
> > allow a member server to self-issue a certificate in its own name etc?
> I have a client who had to setup an ADCS (AD Certificate Service) for
> VMWare Horizon. It has been set up on a member server joined to a
> Samba-AD domain and it does work properly (at least for that use case)
> for auto enrollment.
> They have a separate CA for the other stuff (user certificates, https
> server certificates, etc.), so I cannot say for every use cases.
> Cheers,
> Denis
> > A CA manager is a complex beast (once CRLs or OCSP etc start happening)
> > so I wonder if we should bridge any interfaces we need to supply to an
> > existing project.
> >
> > But beyond that have a go I suppose!  I've not heard of any other
> > efforts that are Samba-integrated.
> >
> > Andrew,
> >

Thomas Epperson
Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life. - Terry Pratchett.

More information about the samba-technical mailing list