[Samba] Samba with Smart Card Support

ralph strebbing blackbirdralph at gmail.com
Thu Aug 11 19:21:53 UTC 2022

Hello All,

Currently working through this guide:

and it works just fine for the scope of the environment being used.
But one thing I wanted to confirm, was when using 2 domain
controllers, that another DC cert should be generated? If this is the
case, then should the following from the openssl.cnf be changed:

In my case I'm conducting the generation of the certificates on a
separate server, crl.samdom.com
This piece, I have the crp_default set to crl.samdom.com/samdom.crl
set_crp_default = http://dc1.greatlakes.example.com/greatlakes.crl

However this was ALSO set to crl.samdom.com instead of dc1.samdom.com
and smart card functionality worked. Should I change this to dc1 and
dc2 respectively when generating the DC certs on a multi-DC
set_dns = dc1.greatlakes.example.com


More information about the samba mailing list