[Samba] Samba integration with Microsoft CA server 2012 R2

Andrew Bartlett abartlet at samba.org
Sat Jan 10 11:24:33 MST 2015

On Sat, 2015-01-10 at 15:23 +0330, Maryam Lahijani wrote:
> Hi
> I am new to this mailing list.we encounter  a problem in our network,we
> have a samba 4 as an domain controller .  for deploying dot1.x(IEE802.1x)
> in our network our firewall team run a windows  CA Server 2012 R2 to work
> with EAP-ttls protocol.
> It generate a CA for domain controllers that should be imported in trusted
> certification authorities that i imported with rsat console in this
> directory .
> After that the dc (that here is samba 4) should send e request for CA
> server and the server issues a personal Ca with the name of dc and it comes
> in personal certificate.but even after restarting samba services it doesn't
> request from CA server and there is no way to issue and import that CA
> manually.IS there any way to force or push samba to request certificate
> from CA Server?

For Samba's LDAP server, the certificate private and public keys are
controlled by smb.conf options pointing at files on disk.  You have to
create the files yourself, manually interacting with the CA.  See man
smb.conf for the tls * = parameters, starting at tls ca.

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list