[Samba] Question about certificates on Samba AD/DC
Marco Gaiarin
gaio at sv.lnf.it
Mon Jun 15 11:01:54 UTC 2020
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> That would make a lot of sense.
But this (eg, certificate management, or non-management ;) it is not a
trouble, right? Currently, on my first DC:
root at vdcsv1:~# openssl x509 -in /var/lib/samba/private/tls/ca.pem -noout -dates
notBefore=Sep 20 10:39:47 2017 GMT
notAfter=Aug 21 10:39:47 2019 GMT
root at vdcsv1:~# openssl x509 -in /var/lib/samba/private/tls/cert.pem -noout -dates
notBefore=Sep 20 10:39:47 2017 GMT
notAfter=Aug 21 10:39:47 2019 GMT
so both CA and cert are expired. But my domain works as expected.
Probably is because i've disabled CA verification in libldap (eg:
TLS_REQCERT never
in /etc/ldap/ldap.conf), but make it sense.
Speaking differently:
1) what are the advantage and the drawbacks of managing certificates in
samba?
2) how behave Windows Server?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list