[Samba] Samba with Smart Card Support

ralph strebbing blackbirdralph at gmail.com
Thu Aug 11 19:21:53 UTC 2022


Hello All,

Currently working through this guide:
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

and it works just fine for the scope of the environment being used.
But one thing I wanted to confirm was whether, when using 2 domain
controllers, another DC cert should be generated. If this is the
case, then should the following from the openssl.cnf be changed:

In my case I'm conducting the generation of the certificates on a
separate server, crl.samdom.com
This piece, I have the crp_default set to crl.samdom.com/samdom.crl
set_crp_default = http://dc1.greatlakes.example.com/greatlakes.crl

However this was ALSO set to crl.samdom.com instead of dc1.samdom.com
and smart card functionality worked. Should I change this to dc1 and
dc2 respectively when generating the DC certs on a multi-DC
environment?
set_dns = dc1.greatlakes.example.com

Thanks,
Ralph


