[Samba] ldapsearch against Samba4 AD questions

mathias dufresne infractory at gmail.com
Fri Oct 16 09:17:18 UTC 2015


Regarding these certificates, wouldn't it be a good thing to re-use the CA
certificate generated for the first DC on all other DCs inside the same
domain?

In case of authentication using TLS, clients would need to know only this
CA cert to deal with the whole AD (or perhaps I missed something, which
would not surprise me regarding the fact I'm not familiar enough with TLS,
SSL, cert and so on).

Kindly regards,

mathias

2015-10-16 10:42 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:

> On Thu, 2015-10-15 at 16:22 +0200, mathias dufresne wrote:
> > ERRATUM:
> > It seems GSSAPI and TLS are *NOT* meant to be used together:
>
> Correct, you can't encrypt with both layers at once.  GSSAPI encryption
> is better anyway, as you probably don't have a real CA on the server's
> TLS X.509 certificate.
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba