[Samba] Samba and AD Certificate Services

L.P.H. van Belle belle at bazuin.nl
Fri Feb 15 10:11:41 UTC 2019

Hai Pierro, 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Pietro Stäheli via samba
> Verzonden: vrijdag 15 februari 2019 10:48
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba and AD Certificate Services
> Hi folks,
> Does anybody have experience using ADCS in conjunction with Samba? I
> would like to create certificates using ADCS as a CA to create
> certificates to be deployed to servers running web applications. It
> would be very convenient to have joined Windows computers 
> automatically
> trust certificates issued my own CA instead of having to import
> certificates manually on every browser on every computer.

Your looking for this: 

Dont look at the "Smart Card Login" part but the pics here show perfeclty howto do this. 

> Is that scenario possible running only Samba? I can't find much in the
> way of documentation.

Hmm, there was more on the wiki.. I'll do a extra search.. 

> Am I correct in understanding that the certificates and keys in
> private/tls/ are only meant to enable StartTLS/LDAPS connections?
For samba yes, but if you add the RootCA to you computers then you can do with with what you want. 

Small tip of you want own certs.
 https://hohnstaedt.de/xca/ but you can use anything you like to generate certs. 
If you search good in the list, you wil find some user that make lets encrypt work also with dehydrated. 

> Pietro



More information about the samba mailing list